Where Are the Packets Captured by Suricata on pfSense?
Show me the packets!
I’ve been writing about Suricata on pfSense for a minute. In the last post I dug into why the stream rules don’t work for Suricata on pfSense.
In this post, I want to look at the individual network packets that triggered the alerts.
Enable packet capture
Before you can look at any packets triggering Suricata alerts, you have to enable packet capture.
Navigate to Suricata as I showed you in prior posts.
Services > Suricata
Click on the pencil icon next to an interface.
On the Settings tab …
Scroll down and check the box next to Enable Packet Log.
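The steps above flip the setting through the pfSense web GUI. As an added example that is not from the original post or the pfSense Suricata package, the script below shows how to confirm the same thing from the underlying Suricata configuration: it assumes the "Enable Packet Log" checkbox corresponds to the pcap-log output block in Suricata's own suricata.yaml, and it parses a constructed sample of that file rather than a file taken from a pfSense box (the path to the real generated config is passed as an argument, and the directory value in the sample is a placeholder).

```shell
#!/bin/sh
# Added example (not from the original post): check Suricata's pcap-log
# output block, which is what "Enable Packet Log" is assumed to turn on.

# Write a constructed suricata.yaml fragment to the path in $2, with the
# pcap-log "enabled" value taken from $1 ("yes" or "no").
write_sample_config() {
    cat > "$2" <<EOF
%YAML 1.1
---
outputs:
  - fast:
      enabled: yes
      filename: fast.log
  - pcap-log:
      enabled: $1
      filename: log.pcap
      limit: 1000mb
      max-files: 2000
      mode: normal
      # constructed placeholder directory, not a real pfSense path
      dir: /path/to/pcap/dir
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
EOF
}

# Exit 0 if the pcap-log block in the config file $1 has "enabled: yes",
# exit 1 if the block is missing or has any other value. Only the first
# "enabled:" inside the block counts, so a nested key such as
# compression.enabled cannot cause a false positive.
pcap_log_enabled() {
    awk '
        /^[[:space:]]*-[[:space:]]*pcap-log:/ { inblock = 1; next }
        # the next "- name:" output item ends the pcap-log block
        inblock && /^[[:space:]]*-[[:space:]]*[A-Za-z]/ { inblock = 0 }
        inblock && !seen && /^[[:space:]]*enabled:/ {
            seen = 1
            if ($2 == "yes") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Print the "dir:" value of the pcap-log block in $1, i.e. where the
# pcap files would land if that key is set (empty output if it is not).
pcap_log_dir() {
    awk '
        /^[[:space:]]*-[[:space:]]*pcap-log:/ { inblock = 1; next }
        inblock && /^[[:space:]]*-[[:space:]]*[A-Za-z]/ { inblock = 0 }
        inblock && /^[[:space:]]*dir:/ { print $2; exit }
    ' "$1"
}

# Stand-alone demo: use the config path given on the command line, or
# fall back to the constructed sample when run without arguments.
if [ -n "${1:-}" ]; then
    cfg="$1"
else
    cfg=$(mktemp)
    write_sample_config yes "$cfg"
fi
if pcap_log_enabled "$cfg"; then
    echo "pcap-log is enabled; packets go to: $(pcap_log_dir "$cfg")"
else
    echo "pcap-log is NOT enabled in $cfg"
fi
```

Run it with the path of the suricata.yaml that the pfSense package generates for the interface to see whether packet logging is on and which directory it writes to; without an argument it checks the embedded sample.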