No alerts for 2 days

[mbaki]

Hi all,

We have a standalone server that we upgraded from 140 to 160 today, but I noticed that we haven't received any suricata alerts since 8/30 (2 days ago). so-status shows all "Ok", nothing changed except for todays upgrade, and

docker logs so-suricata
1/9/2022 -- 15:42:07 - - This is Suricata version 6.0.6 RELEASE running in SYSTEM mode
1/9/2022 -- 15:42:14 - - all 1 packet processing threads, 4 management threads initialized, engine started.

zeek is working fine, and I see traffic on bond0

Thanks
Monah

[reyesj2]

Have you tried restarting the docker container?

sudo so-suricata-restart

Have you tried

sudo so-test

Did you make any custom changes to Suricata configuration in /opt/so/saltstack/default/ instead of /opt/so/saltstack/local/ this could have caused you to lose your custom changes including your $HOMENET variable that may explain Suricata not triggering alerts

[reyesj2]

@mbaki