Hello everyone,
I've set up SO within a VM and installed it using the ISO. I can log in without issue and see alerts, dashboards, etc.
On my pfSense, I'm running Suricata. I have the following settings enabled.
I have allowed my pfSense IP to send syslogs to Security Onion, and running a tcpdump I see messages being received, at least.
The problem is, after generating some bad traffic I do not see any alerts coming up within my console. Traffic is blocked on pfSense, but nothing appears within the Alerts tab.
Syslog events are increasing, so syslogs are definitely being sent to SO.