Hello Michael,
Can you post the configuration of your violation from conf/violations.conf here?
Thanks,
Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
> On 18 Feb 2016, at 11:38, Michael R. Haag <[email protected]> wrote:
>
> Hello,
>
> I have Suricata on SecurityOnion sending events to a Packetfence 5.7.0 ZEN
> server. The events do arrive on the Packetfence server and show in
> /usr/local/pf/logs/pfdetect.log. For example:
>
> Feb 18 11:32:09 pfdetect(13855) INFO: alert received: 'Feb 18 16:32:09
> SecurityOnion sguil_alert: 16:32:08 pid(3772) Alert Received: 0 2
> misc-attack SecurityOnion-eth1 {2016-02-18 16:32:07} 2 24242 {ET TOR Known
> Tor Relay/Router (Not Exit) Node Traffic group 680} 94.242.231.98
> 192.168.12.201 6 443 53764 1 2523358 2493 112 112
> ' (main::_run_detector)
>
>
> If I configure a violation with a trigger of Suricata Event 2523358, the
> violation is not triggered. I must be missing something. What should I check
> to troubleshoot this issue?
>
>
> Thank you,
>
> Michael R. Haag
> Computer Services Technician
> Department of Information Technology
> Madison County, NY
> (315) 366-2204
>
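The pfdetect.log line quoted in Michael's post wraps a Sguil alert whose fields PacketFence has to pull apart before a "Suricata Event" trigger can be compared against it. The parser below is an added example written for this thread, not PacketFence's own pfdetect code: it extracts the bracketed message, the two IPs, the ports and the trailing integers from a line in that format, so one can confirm which numeric field actually carries the 2523358 the violation trigger was configured with. The field names (status, priority, sensor_id, event_id, gen_id, sig_id, sig_rev) are this example's assumed labels for the Sguil columns, not names taken from the page or from PacketFence, and the sample line is the one from the post with its mail-wrapped lines joined back together.

```python
import re
from typing import Optional

# Constructed sample: the pfdetect.log entry quoted in the post, re-joined onto
# one line (the mail client wrapped it). Only this line is known from the thread.
SAMPLE_LINE = (
    "Feb 18 11:32:09 pfdetect(13855) INFO: alert received: 'Feb 18 16:32:09 "
    "SecurityOnion sguil_alert: 16:32:08 pid(3772) Alert Received: 0 2 "
    "misc-attack SecurityOnion-eth1 {2016-02-18 16:32:07} 2 24242 {ET TOR Known "
    "Tor Relay/Router (Not Exit) Node Traffic group 680} 94.242.231.98 "
    "192.168.12.201 6 443 53764 1 2523358 2493 112 112 ' (main::_run_detector)"
)

# Assumed layout of the Sguil alert columns (this example's interpretation, not
# something documented on the page): after the two braced fields come
# src_ip dst_ip proto src_port dst_port gen_id sig_id sig_rev ...
SGUIL_RE = re.compile(
    r"sguil_alert: \S+ pid\(\d+\) Alert Received: "
    r"(?P<status>\d+) (?P<priority>\d+) (?P<class>\S+) (?P<sensor>\S+) "
    r"\{(?P<timestamp>[^}]*)\} (?P<sensor_id>\d+) (?P<event_id>\d+) "
    r"\{(?P<msg>[^}]*)\} "
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<proto>\d+) (?P<src_port>\d+) (?P<dst_port>\d+) "
    r"(?P<gen_id>\d+) (?P<sig_id>\d+) (?P<sig_rev>\d+)"
)

INT_FIELDS = (
    "status", "priority", "sensor_id", "event_id", "proto",
    "src_port", "dst_port", "gen_id", "sig_id", "sig_rev",
)


def parse_sguil_alert(line: str) -> Optional[dict]:
    """Extract the Sguil alert fields from a pfdetect.log line.

    Returns None when the line does not contain a recognisable alert, which is
    the first thing to check when a trigger never fires: a line that does not
    parse can never match any violation.
    """
    m = SGUIL_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    for name in INT_FIELDS:
        fields[name] = int(fields[name])
    return fields


def matches_trigger(alert: Optional[dict], trigger_sid: int) -> bool:
    """True when the parsed alert's signature id equals the configured trigger id."""
    return alert is not None and alert["sig_id"] == trigger_sid


def scan_log(lines, trigger_sid: int):
    """Walk log lines and report which ones would satisfy the trigger.

    Returns (matches, unparsed) where matches is a list of
    (src_ip, dst_ip, sig_id, msg) tuples and unparsed counts lines that
    mention sguil_alert but could not be decoded.
    """
    matches, unparsed = [], 0
    for line in lines:
        if "sguil_alert" not in line:
            continue
        alert = parse_sguil_alert(line)
        if alert is None:
            unparsed += 1
        elif matches_trigger(alert, trigger_sid):
            matches.append((alert["src_ip"], alert["dst_ip"], alert["sig_id"], alert["msg"]))
    return matches, unparsed


if __name__ == "__main__":
    parsed = parse_sguil_alert(SAMPLE_LINE)
    print("signature id:", parsed["sig_id"], "| src:", parsed["src_ip"], "| dst:", parsed["dst_ip"])
    print("would match trigger 2523358:", matches_trigger(parsed, 2523358))
    print(scan_log([SAMPLE_LINE, "Feb 18 11:33:00 pfdetect(13855) INFO: unrelated"], 2523358))
```

Running it against the sample shows 2523358 sitting in the sig_id position (the second of the three integers after the ports), with 94.242.231.98 as the source and 192.168.12.201 as the destination; the value a violation is keyed on and the IP it would be applied to are therefore both recoverable from the line before looking at the violations.conf trigger syntax itself.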
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users