This video can't get enough likes! You helped me work out the bugs in my suricata install, thank you!
Great video. You are producing some excellent content as I'm studying cybersecurity. Many thanks and much appreciated. Keep up the good work.
Thank you for this detailed video on how to install suricata and configure it. Really helped with my final year project in uni
btw, the rules folder for a fresh Ubuntu VM is stored in /usr/share/suricata/rules .. others will face this error when they want to edit local.rules. Just change the mentioned directories ..
Thanks a million
Weird, I recently installed Ubuntu 22.04 and Suricata, and the rules files are in the /var/lib/suricata/rules directory:
sudo ls -la /var/lib/suricata/rules/
total 27580
drwxr-x--- 2 root root 4096 Mar 27 19:45 .
drwxr-xr-x 4 root root 4096 Mar 27 19:45 ..
-rw-r--r-- 1 root root 3228 Mar 27 19:45 classification.config
-rw-r--r-- 1 root root 28229228 Mar 27 19:45 suricata.rules
This was indeed high quality content. Thanks!
Thank you for sharing this knowledge. I look forward to taking more classes from you.
Thank you sir... You made my day
Brilliant having the "Register for Part 2" pop up right after an easily edited whoopsie.
If there are idiots out there like me: you are not supposed to write "1" at the beginning of the rule. You can check whether there is any syntax error in the rule with "suricata -c /etc/suricata/suricata.yaml -i [INTERFACE]"
Hello, firstly thanks for the video you provided, it's a big help, but I am facing a problem: the rules I set custom for ICMP ping are not working and not generating any alert as yours does. Why is it? Your response will be very helpful
Just brilliant!!
When will you upload the next Suricata video?
Definitely quality content
Hi. I managed to install Suricata on VMware and it has successfully captured ping/ICMP packets destined to it. But it didn't capture any network traffic. Any suggestion?
Love this, man
Thanks for this!
It's finally here
ua-cam.com/users/shortsNlhBppjxnqs?feature=share
Hello sir. I tried to update my rule set in Suricata. But after giving the suricata-update command I got the following error. Err Code: SC_ERR_CONF_YAML_ERROR(242)
Can you help me with how to handle this error?
Hi Salinda,
did you find a solution for this error?
thank you
I get an error for the update at the 11:14 mark: [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - The configuration file must begin with the following two lines: %YAML 1.1 and ---
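The two problems raised in these comments (a rule line that starts with "1" instead of an action keyword, and a suricata.yaml that does not begin with "%YAML 1.1" and "---") can both be caught before Suricata is started. The script below is an added example, not code from the video or from the Suricata project: it checks the YAML header with plain POSIX tools, does a rough shape check on each line of a rules file, and only when the suricata binary is installed runs Suricata's own test mode (-T) against the real config with that rules file loaded exclusively (-S). The CONF and RULES paths are assumptions; the sample files it writes are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the video or from Suricata): pre-flight checks for a Suricata
# config and a local rules file. Paths are assumptions; override with CONF=... RULES=...
CONF="${CONF:-/etc/suricata/suricata.yaml}"
RULES="${RULES:-/var/lib/suricata/rules/local.rules}"

# The header suricata-update complains about: line 1 must be "%YAML 1.1", line 2 "---".
# Returns 0 when the header is correct, 1 otherwise.
check_yaml_header() {
    first=$(sed -n '1p' "$1")
    second=$(sed -n '2p' "$1")
    [ "$first" = "%YAML 1.1" ] && [ "$second" = "---" ]
}

# Rough shape check for one rule line (not a full parser): it must start with an action
# keyword (so a leading "1" fails), then protocol, src, port, direction, dst, port and an
# option block that carries a sid. Blank lines and comments pass. Address groups that
# contain spaces, e.g. "[10.0.0.0/8, 192.168.0.0/16]", are not handled by this regex.
lint_rule_line() {
    case "$1" in
        ''|'#'*) return 0 ;;
    esac
    printf '%s\n' "$1" | grep -Eq \
        '^(alert|drop|pass|reject|rejectsrc|rejectdst|rejectboth) +[a-z0-9-]+ +[^ ]+ +[^ ]+ +(->|<>) +[^ ]+ +[^ ]+ +\(.*sid:[0-9]+;.*\)$'
}

# Lint a whole rules file; prints each bad line with its number and returns the bad count.
lint_rules_file() {
    bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if ! lint_rule_line "$line"; then
            bad=$((bad + 1))
            printf 'bad rule at line %d: %s\n' "$n" "$line" >&2
        fi
    done < "$1"
    return "$bad"
}

# Demo on constructed files: a correct and a broken config header, and a rules file with
# one valid ICMP rule plus the "1 alert ..." mistake from the comments.
demo() {
    tmp=$(mktemp -d)
    printf '%%YAML 1.1\n---\nvars:\n  address-groups:\n    HOME_NET: "[192.168.1.0/24]"\n' > "$tmp/good.yaml"
    printf 'vars:\n  address-groups:\n    HOME_NET: "[192.168.1.0/24]"\n' > "$tmp/bad.yaml"
    cat > "$tmp/local.rules" <<'EOF'
# constructed sample rules
alert icmp any any -> $HOME_NET any (msg:"ICMP echo seen"; itype:8; sid:1000001; rev:1;)
1 alert icmp any any -> $HOME_NET any (msg:"broken: leading number"; sid:1000002; rev:1;)
EOF
    for f in good.yaml bad.yaml; do
        if check_yaml_header "$tmp/$f"; then echo "$f: header ok"; else echo "$f: header missing"; fi
    done
    if lint_rules_file "$tmp/local.rules"; then echo "local.rules: all rules well-formed"; fi
    rm -rf "$tmp"
}
demo

# With Suricata installed, let it validate the real config and rules without capturing
# traffic: -T is test mode, -S loads only the given rules file. Skipped when absent.
if command -v suricata >/dev/null 2>&1; then
    suricata -T -c "$CONF" -S "$RULES" -v || echo "suricata -T reported errors" >&2
fi
```

The header check and the line lint are deliberately cheap so they can run in a shell without Suricata present; the authoritative check remains suricata -T, which parses the full YAML and every rule with the real engine and exits non-zero on any error.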
it's very helpful
When I install Suricata I do not have config files in /etc/suricata. How do I fix that?
Thank you!
If you are trying to make the flow ID less predictable then don't use the default seed of 0.
First: A big thank you for those great video(s) about Suricata and IDS, now I understand it too👍👍👍
But when I want to monitor (not control) all the traffic that is going in and out of my network, must I run the Suricata IDS on a firewall or router or something like this where the traffic goes through?
Hi sir, can you also do a tutorial on ELK installation please? Thank you
I agree. You know we like to see pretty graphs.
Hi sir, I am a new subscriber
But Suricata doesn't have a web UI? I think I saw something about that
Really great !
I always like your videos
Thank you for the video. I have the rules only in /usr/share/suricata/rules. How can I get them into default-rule-path: /var/lib/suricata/rules?
I am also facing the same problem. How did you manage?
Actually all your rules that are in /usr/share/suricata/rules are compiled into /var/lib/suricata/rules/suricata.rules
Beautiful!
Thanks for the video =)
Great video..!!!!
Great video!!!!!
EXTERNAL_NET != HOME_NET: what about broadcast & multicast?
Uhh? If you provide the correct gateway/CIDR, everything should be good.
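The question above is about plain set logic: with the usual definition EXTERNAL_NET: "!$HOME_NET", every address that is not inside HOME_NET counts as external, and multicast (224.0.0.0/4) and the limited broadcast address 255.255.255.255 are never inside a private HOME_NET range, so rules written against $EXTERNAL_NET will match that traffic too. The script below is an added example, not code from the video or from Suricata, and does not use Suricata's matcher; it evaluates CIDR membership itself for a constructed HOME_NET and a handful of constructed addresses to make the classification visible.

```shell
#!/bin/sh
# Added example (not from the video or from Suricata): show how an address group defined as
# EXTERNAL_NET: "!$HOME_NET" classifies broadcast and multicast addresses. HOME_NET and the
# sample addresses are constructed; this is plain CIDR set logic, not Suricata's engine.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when $1 (an IPv4 address) lies inside $2 (a CIDR such as 192.168.1.0/24).
ip_in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits="${2#*/}"
    if [ "$bits" -eq 0 ]; then return 0; fi
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Return 0 when $1 lies in any CIDR of the comma-separated list $2, i.e. a Suricata-style
# group without the surrounding brackets, e.g. "192.168.1.0/24,10.0.0.0/8".
ip_in_group() {
    addr="$1"; rest="$2"
    while [ -n "$rest" ]; do
        cidr="${rest%%,*}"
        if ip_in_cidr "$addr" "$cidr"; then return 0; fi
        case "$rest" in *,*) rest="${rest#*,}" ;; *) rest="" ;; esac
    done
    return 1
}

# Classify $1 the way EXTERNAL_NET: "!$HOME_NET" does: outside HOME_NET means "external".
classify() {
    if ip_in_group "$1" "$HOME_NET"; then echo home; else echo external; fi
}

HOME_NET="192.168.1.0/24"   # constructed example value
# Constructed addresses: a LAN host, a public resolver, mDNS and SSDP multicast,
# limited broadcast, and the subnet's directed broadcast.
for ip in 192.168.1.10 8.8.8.8 224.0.0.251 239.255.255.250 255.255.255.255 192.168.1.255; do
    printf '%-17s -> %s\n' "$ip" "$(classify "$ip")"
done
```

The output shows the directed broadcast 192.168.1.255 as "home" (it is inside the /24) while 255.255.255.255 and both multicast addresses come out as "external". Whether that is acceptable is a tuning decision made in the address-groups section of suricata.yaml: if multicast chatter produces noise in $EXTERNAL_NET rules, the group definitions are the place to exclude it, rather than the individual rules.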
Great!
Well done
Thank you sir
14:00
first comment
F
would give 100 likes if I could
I saw the logs. I'm a lumberjack and you're not 🙂 zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.