Security-Onion-Solutions / securityonion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
https://securityonion.net

Suricata doesn't work #13942

Closed einsidhe closed 2 weeks ago

einsidhe commented 2 weeks ago

Good day.

Problem: Suricata doesn't work; no traffic is captured.

Hardware: Physical server with 2 NICs, first for monitoring, second for capture (mirrored port)

What was done:

  1. sudo soup
  2. so-suricata-restart --force
  3. curl testmynids.org/uid/index.html
  4. Suricata -> full upgrade
  5. Multiple physical server reboots
  6. Multiple rule recreations and edits

Please fix.

dougburks commented 2 weeks ago

Please go through the troubleshooting steps at https://docs.securityonion.net/en/2.4/suricata.html#troubleshooting-alerts.

If you continue to have problems, please start a new discussion at https://securityonion.net/discuss (rather than creating an issue here) and provide the output of each of the troubleshooting steps above.