Hello Andreas Herz,
How do you start/run suricata, is the interface setting correct? I started the suricata service (systemctl start suricata). What is the interface setting, and where do I configure it?
How do you test it? I want to test it on the network traffic of one of our servers.
And do you see any output in the eve.json log? Yes, below is one of the outputs:
----------
{"timestamp":"2020-06-30T03:16:14.000476+0000","flow_id":1761450600273044,"event_type":"flow","src_ip":"172.bb.6.10","src_port":38040,"dest_ip":"169.mm.mm.123","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":1,"bytes_toserver":90,"bytes_toclient":90,"start":"2020-06-30T03:11:13.496788+0000","end":"2020-06-30T03:11:13.497073+0000","age":0,"state":"established","reason":"timeout","alerted":false}}
{"timestamp":"2020-06-30T03:16:18.905884+0000","event_type":"stats","stats":{"uptime":667398,"capture":{"kernel_packets":202372,"kernel_drops":0,"errors":0},"decoder":{"pkts":202373,"bytes":56525730,"invalid":0,"ipv4":141681,"ipv6":5738,"ethernet":202373,"raw":0,"null":0,"sll":0,"tcp":51986,"udp":95251,"sctp":0,"icmpv4":0,"icmpv6":182,"ppp":0,"pppoe":0,"gre":0,"vlan":0,"vlan_qinq":0,"vxlan":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":279,"max_pkt_size":1514,"erspan":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ip
v6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0