Closed neilanthonystuckey closed 2 weeks ago
It's working, thanks for the awesome setup. I checked here https://github.com/3CORESec/testmynids.org and it showed alerts and shows dropped packets in MikroTik.
Thanks mate! Please give a star if this project helped you! :)
I have had this running for about a week, but I see no activity on the alert trends. I can see traffic to and from the mikrocata2selks box and the MikroTik router under the packet sniffer section. I see output and traffic using `tcpdump -i tzsp0`. `systemctl status mikrocataTZSP0.service` and `systemctl status TZSPreplay37008@tzsp0.service` show both running without errors. The firewall rules are present in MikroTik with no dropped packets. The API is connected from the mikrocata2selks box to MikroTik. In SELKS I added more sources, added those sources to the default ruleset, and changed the default ruleset Transformations to action = drop, lateral = auto and target = auto. I have rebooted. I have even reinstalled fresh Debian and tried again with the same issue. All docker containers are running. Is there any extra config needed to get this working in IPS & IDS mode?
OS = Debian 12.7.0, fully updated; your installer script was the only thing I used so far on this system. 16 GB RAM, Intel i5-10500T, 512 GB SSD.