Suricata Intrusion Prevention

I’m using IPFire 2.25 (x86_64) - Core Update 142 and I’m still pretty new to using it but everything seems to be working so far.

I have the Firewall > Intrusion Prevention running on all of my interfaces and an using the Community Rules ruleset; I have several of the rulesets checked.

In the Logs > IPS Logs, it appears to show the information of possible attacks to include the names of the attacks. I’m wondering if these listed names are the names that have been checked in the rulesets or if these are the possible attacks that are knocking on the door of my selected interfaces, or a combination of both?

If there was a “Show All” link in the rulesets in the Firewall > Intrusion Prevention, I could check each of the entries in the IPS Logs against the “Show All” displayed and make sure they are checkmarked; copy the name and do a find in the “Show All”. It would be hard to go through each individual ruleset looking for the name. Does that make sense?

Any suggestions would be most helpful. Thank you.

Hi devs,

I have to say I work that way too nevertheless it is not recommended according to this post Intrusion Prevention System - Select all

I select all - I check that the Hardware and CPU power is enough - and if something does not work I uncheck that particular ruleset. Unfortunatly I have to click on every show button separately.

So a Button with Show all (and probably select all too) would be very efficient.

Could you reconsider the this decision?

Thank you.