Suricata

Can someone please help this issue?

What Distribution are you using? How did you install suricata? How does the configuration file look like? We need more details about your setup to help.

You have duplicated HOME_NET variable set, remove the upper one. But the suricata.log itself looks alright, no error message.

How do you start/run suricata, is the interface setting correct?
How do you test it?
And do you see any output in eve.json log?

Hello Andreas Herz,

How do you start/run suricata, is the interface setting correct? Started suricata service(systemctl start suricata), what is interface setting and where to configure it?
How do you test it? want to test the network traffic of one of our server
And do you see any output in eve.json log? yes below is the one of the output:
---------- {"timestamp":"2020-06-30T03:16:14.000476+0000","flow_id":1761450600273044,"event_type":"flow","src_ip":"172.bb.6.10","src_port":38040,"dest_ip":"169.mm.mm.123","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":1,"bytes_toserver":90,"bytes_toclient":90,"start":"2020-06-30T03:11:13.496788+0000","end":"2020-06-30T03:11:13.497073+0000","age":0,"state":"established","reason":"timeout","alerted":false}} {"timestamp":"2020-06-30T03:16:18.905884+0000","event_type":"stats","stats":{"uptime":667398,"capture":{"kernel_packets":202372,"kernel_drops":0,"errors":0},"decoder":{"pkts":202373,"bytes":56525730,"invalid":0,"ipv4":141681,"ipv6":5738,"ethernet":202373,"raw":0,"null":0,"sll":0,"tcp":51986,"udp":95251,"sctp":0,"icmpv4":0,"icmpv6":182,"ppp":0,"pppoe":0,"gre":0,"vlan":0,"vlan_qinq":0,"vxlan":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":279,"max_pkt_size":1514,"erspan":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ip
v6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0

So you see traffic so it looks like it's running as expected as you can see in the eve.json.

THe interface setting is found in the suricata.yaml ideally you go with the af-packet section.

Thansk Andreas, i got it.
If i have any further queries will raise a new case, please close this ticket.