khan
(ahmed syed)
22 April 2025 09:25
1
Hi everyone,
I’m using IPFire 191 and I only want to collect IDS logs locally — I no longer intend to forward anything to Wazuh.
I have the following rulesets enabled:
Previously, I had the option “Monitor traffic only” enabled, and I was seeing IDS logs. However, after disabling that option, I’m no longer getting any IDS logs at all.
How can I restore IDS log generation without using “Monitor traffic only”? I want to make sure my IPS is actively logging alerts when malicious traffic is detected.
Thanks in advance for your help!
hvacguy
(Shaun HVAC)
22 April 2025 10:15
2
You need to Monitor Enable or it is off.
You do not have to enable IPS; that is the blocking feature.
You may wish to turn off remote logging if you are not using it now.
khan
(ahmed syed)
22 April 2025 10:22
3
So just to clarify —
There’s no way to have the IDS both actively respond to threats (act as an IPS) and generate logs at the same time?
If I enable “Monitor traffic only”, I’ll get logs, but the IDS won’t actually act or block anything — is that correct?
I just want to be sure I’m not misunderstanding how this works.
Thanks!
hvacguy
(Shaun HVAC)
22 April 2025 15:00
4
Check the enable box to have it block.
You must have a monitored interface.
hvacguy
(Shaun HVAC)
22 April 2025 15:02
5
Yes.
You must enable it at the top if you want it to block too.