Security Onion + PFsense

Hello everyone,
I've set up SO within a VM and installed it using the ISO. I can log in without issue and see alerts, dashboards, etc.
On my pfSense, I'm running Suricata. I have the following settings enabled.

I have allowed my pfSense IP to send syslogs to Security Onion, and running a tcpdump I see messages being received at least.

The problem is that after generating some bad traffic I do not see any alerts coming up within my console. Traffic is blocked on pfSense, but nothing appears within the Alerts tab.

Syslog events are increasing, so for sure syslogs are being sent to SO.

I am not sure that SO can parse the alert data from pfSense.
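Before assuming the collector cannot parse the data, it is worth checking what the forwarded syslog stream actually contains: pfSense emits firewall block entries from its filterlog process, while Suricata alerts arrive as separate lines in the standard fast-log layout. The script below is an added example, not code from the thread or from Security Onion; it classifies received syslog lines and extracts the alert fields, using constructed sample lines and assuming the standard Suricata syslog alert format.

```python
"""Classify syslog lines forwarded from pfSense so you can tell whether the
stream carries Suricata alert records or only filterlog block entries.
Sample input below is constructed; the Suricata line layout assumed here is
the standard fast-log/syslog alert format."""
import re
from collections import Counter

# Suricata alert as written to syslog:
# [gid:sid:rev] msg [Classification: ...] [Priority: n] {PROTO} src:port -> dst:port
SURICATA_ALERT = re.compile(
    r"suricata(?:\[\d+\])?:\s*\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s*"
    r"(?P<msg>.+?)\s*\[Classification:\s*(?P<cls>[^\]]*)\]\s*"
    r"\[Priority:\s*(?P<prio>\d+)\]\s*\{(?P<proto>[^}]+)\}\s*"
    r"(?P<src>\S+?):(?P<sport>\d+)\s*->\s*(?P<dst>\S+?):(?P<dport>\d+)"
)
# pfSense packet-filter log entries are tagged with the filterlog process name
FILTERLOG = re.compile(r"filterlog(?:\[\d+\])?:")

def parse_suricata_alert(line):
    """Return a dict of alert fields if the line is a Suricata alert, else None."""
    m = SURICATA_ALERT.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["sid"] = int(fields["sid"])
    fields["prio"] = int(fields["prio"])
    return fields

def classify(line):
    """Label a syslog line as suricata_alert, filterlog, or other."""
    if parse_suricata_alert(line):
        return "suricata_alert"
    if FILTERLOG.search(line):
        return "filterlog"
    return "other"

def summarize(lines):
    """Count line types; zero suricata_alert means only block logs are arriving."""
    return Counter(classify(line) for line in lines)

# Constructed sample of what a collector might receive from pfSense
SAMPLE = [
    "<35>Jan 10 12:00:01 pfsense suricata[12345]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.10:80 -> 192.0.2.5:51234",
    "<134>Jan 10 12:00:02 pfsense filterlog[5678]: 5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,198.51.100.7,192.0.2.5,44321,22",
    "<13>Jan 10 12:00:03 pfsense sshd[999]: Accepted publickey for admin from 192.0.2.9",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run it against a capture of the lines your collector receives; if the suricata_alert count stays at zero while filterlog grows, the blocks are being logged but the Suricata alert output itself is not being forwarded.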

Gotcha. Just confused with the tool because I have the logs sent to SO; specifically, I see the logs in Kibana. But at this point it's no different than Graylog, as all it is is just my logs, parsed.
I was hoping that the pcaps could be sent to SO and investigated that way, unless I'm doing this wrong.

To get full ingestion you should be using a port tap and have SO listening on that tap.


What Tom said. Tap North/South, East/West. Most run SO on a separate box as opposed to a VM.