Good morning Erich,
thank you for your answers. Indeed, I’ve found the logs, but there are no alerts logged currently.
Regarding your statement about Snort - I’ve booked a subscription for the Snort rules updates, which work together with the Suricata IPS. So, using this unique Oinkcode lets my IPFire receive the commercial rule updates.
I presume it might have been a “false positive” in my activated exploit-kit.rules set, because deactivating the os-windows.rules set at first did not lead to the acclaimed solution here.
1. Talos VRT-ruleset with subscription (RED)
2. Suricata ruleset auto update Sunday night
3. Steam client on my son's workstation stopped working (couldn't login)
4. Not any alert thrown in IPS logs
5. Deactivate os-windows.rules
6. Steam not working, either. No alerts, either.
7. Manual Suricata ruleset update
8. Steam working again on my son's workstation
I just wonder what this was, really. It might be that there was another coincidence and that it was perhaps related to Steam and not to IPFire, but after re-downloading the ruleset Steam worked again quite immediately.
I know these rulesets have nothing to do with IPFire, but I’d definitely wonder why there seems to be no logging when Suricata seems to block a client.
Greetings!