Bug #4220: failed to hit a signature with option --simulate-ips - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4220

open

failed to hit a signature with option --simulate-ips

Added by Litmus Shi almost 4 years ago. Updated about 2 years ago.

Status:

Assigned

Priority:

High

Assignee:

Victor Julien

Target version:

8.0.0-beta1

Affected Versions:

5.0.3

Effort:

Difficulty:

Label:

Description

Hi,

I have a pcap trace which can hit my signature with the configurations in the attachment in IDS mode.
But the same trace failed to hit the same signature with the same configuration in IPS mode.

Is it by design or a bug?

How to reproduce:
1. uncompress the tar.gz to /home/inline-test, make sure all files are under /home/inline-test
2. cd /home/inline-test
3. ntd-ids -c ./suricata.yaml -r ./1flowB.pcap, and we can see eve logs.
4. ntd-ids -c ./suricata.yaml -r ./1flowB.pcap --simulate-ips, and we can't see any eve logs.

Files

inline-test.tar.gz (581 KB) inline-test.tar.gz

Litmus Shi, 12/16/2020 08:55 AM

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #4220

failed to hit a signature with option --simulate-ips

Updated by Victor Julien almost 4 years ago

Updated by Victor Julien about 2 years ago