How to Detect New IPS Logs?

I’m looking to create a script that detects new IPS logs and sends an email notification to the administrator. However, I couldn’t find a specific IPS log file. Does such a file exist, and if so, where can I find it?

If there isn’t a dedicated IPS log file, I was considering either web scraping the IPS log page or parsing the /var/log/messages file to achieve this.

Thanks!

If what you are looking for is what is shown in the WUI page on Logs - IPS Logs then this can be found in the file

/var/log/suricata/fast.log

For the IPS system logs, such as when it reloads rulesets or additional rulesets are added, then those are in the file

/var/log/messages

with the reference suricata.

3 Likes
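Building on the answer above, here is an added Python example (not code from the thread or from IPFire) that parses /var/log/suricata/fast.log, remembers a byte offset between runs so only alerts written since the last run are reported, and formats them for the notification mail. It assumes the standard Suricata fast.log line format; the sample alert line and the temporary file paths in demo() are constructed for illustration.

```python
import json
import os
import re
import tempfile

# Constructed alert in Suricata fast.log format (assumed to match IPFire's /var/log/suricata/fast.log).
SAMPLE = ("03/15/2024-10:22:11.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root"
          " [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.2:80 -> 192.168.1.5:54321\n")
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_fast_log_line(line):
    """Return the alert's fields as a dict, or None for a line that is not an alert."""
    m = FAST_LOG_RE.match(line.strip())
    return dict(m.groupdict(), sid=int(m["sid"]), prio=int(m["prio"])) if m else None

def read_new_alerts(log_path, state_path):
    """Parse alerts appended since the byte offset saved in state_path, then save the new offset."""
    offset = 0
    if os.path.exists(state_path):
        with open(state_path) as f:
            offset = json.load(f).get("offset", 0)
    if offset > os.path.getsize(log_path):  # log shrank (logrotate): start over from the top
        offset = 0
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read()
    end = data.rfind(b"\n") + 1  # consume complete lines only; a half-written line waits for next run
    alerts = [a for a in map(parse_fast_log_line, data[:end].decode("utf-8", "replace").splitlines()) if a]
    with open(state_path, "w") as f:
        json.dump({"offset": offset + end}, f)
    return alerts

def format_report(alerts, max_priority=3):  # Suricata priority 1 is the most severe; drop noisier alerts
    return "\n".join(f"{a['ts']} prio={a['prio']} sid={a['sid']} {a['proto']} {a['src']} -> {a['dst']}: {a['msg']}"
                     for a in alerts if a["prio"] <= max_priority)

def demo():
    """Run over a constructed fast.log twice, then again after one more alert is appended."""
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "fast.log"), os.path.join(d, "state.json")
    with open(log, "w") as f:
        f.write(SAMPLE * 2)
    counts = [len(read_new_alerts(log, state)), len(read_new_alerts(log, state))]
    with open(log, "a") as f:
        f.write(SAMPLE)
    return counts + [len(read_new_alerts(log, state))]  # [2, 0, 1]
```

Run it from cron and hand a non-empty format_report() result to your mailer of choice. A stopped Suricata writes nothing, so an empty report is not proof of a quiet network; pair this with a check that the process is actually running.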

Are you using Monit?

I just realized my Suricata IPS was down for 10 days, without showing anything relevant in the system logs. After an update, system logs just became blank. No errors, just blank.

No. But maybe I don’t have this issue because I’m on the 185 core update idk.

1 Like