Suricata Alerts Stop Generating #3135

Cra5hedC0w · 2021-02-25T14:52:57Z

Cra5hedC0w
Feb 25, 2021

I have an issue where SO stops generating suricata alerts. It's been at least a few days since suricata alerts were generated in the SOC screen. The so-status shows everything running, and okay. I did a tcpdump and see traffic on the monitor port as well. I know for a fact the network traffic should be firing off alerts.
I am receiving wazuh alerts however. This is a standalone install. I am on the latest release.

Any ideas on where to begin with this?

Answered by Cra5hedC0w

Feb 27, 2021

This issue is resolved.

View full answer

Cra5hedC0w · 2021-02-27T00:29:10Z

Cra5hedC0w
Feb 27, 2021
Author

This issue is resolved.

2 replies

ErwinDFIRocks Apr 22, 2021

Hi what was the issue and how did you solve this?

Thanks and Regards!

Cra5hedC0w Apr 22, 2021
Author

This issue was related to a switch configuration unrelated to Security Onion. The ports that were mirroring traffic stopped mirroring when the configuration was wiped on the switch after a power failure.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Suricata Alerts Stop Generating #3135

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment 2 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Suricata Alerts Stop Generating #3135

Uh oh!

Uh oh!

Cra5hedC0w Feb 25, 2021

Replies: 1 comment · 2 replies

Uh oh!

Cra5hedC0w Feb 27, 2021 Author

Uh oh!

ErwinDFIRocks Apr 22, 2021

Uh oh!

Cra5hedC0w Apr 22, 2021 Author

Cra5hedC0w
Feb 25, 2021

Replies: 1 comment 2 replies

Cra5hedC0w
Feb 27, 2021
Author

Cra5hedC0w Apr 22, 2021
Author