Restore Configuration on new machine - now Suricata wont start

atafm2

Trying to migrate pfsense to a new machine to be able to do 10GBE.
Installed on bare hardware, not in VM
Exported configuration XML on old machine, restored it on new machine.
Reassigned the interfaces to their new names, let it update stuff in background for an hour.
Seems like everything imported successfully, except Suricata wont enable on any interfaces, and Im not sure if pfblockerNG is working or not.

I tried reinstalling the packages with package manager, and that didnt help. I have also rebooted the router many times.

Any way to fix packages after moving? Is it a weird interface setting somewhere?

Alternatively, how do you reinstall a package without it remembering the config from before? Like fresh install?

Thanks!
Sorry if this was asked before, i couldnt not find a previous post.

If you click enable, the gear spins for a few seconds, then it goes back to red X

same if i do it here

SteveITS

@atafm2 Check the Suricata log for errors.

I would expect no issue with a restore.

If you have not tried after the restore, try restarting again.

There is a checkbox in Suricata and pfBlocker to keep or remove settings during uninstall. Though I believe I’ve read posts saying pfBlocker has a bug atm and doesn’t.

atafm2

@steveits Hi, thanks for the reply.

As mentioned, restarting the box did not fix the issue.

i am using the restore function to migrate settings between machines. I wonder if it has something to do with the package not grabbing the new interface somehow, despite saying it has the right one in the included screenshot.

atafm2

@steveits said in Restore Configuration on new machine - now Suricata wont start:

There is a checkbox in Suricata

Where do you see this? I was unable to find it. thanks

SteveITS

@atafm2 sorry, read past your restart comment.

Logs View tab has the log file which should say why it isn’t starting.

Checkbox is on the bottom of the Global Settings tab: Keep Suricata Settings After Deinstall

atafm2

@steveits said in [Restore Configuration on new machine - now Suricata wont start]

Logs View tab has the log file which should say why it isn’t starting.

Here is the log i got.
So i guess im going to try to delete that file like it wants

Edit: Deleted the file using Shell.
Now i get this error

I followed this post and upped my stream memory cap to 3GB from 128MB and now it appears to be working for now
https://forum.netgate.com/topic/84201/suricata-2-1-5-update-release-notes/5
in the GUI under Suricata > Interface > Flow and Stream
"Stream Memory Cap"

I think i had to up the memory cap because I went from 4 threads and 4GB ram to 40 threads 32GB ram but it was using the values for 4 threads and so didnt have enough memory allocated to start

SteveITS

@atafm2 yes on both counts. The pid is normally only there if it’s running so it must have crashed once. IIRC the stream memory is related to CPU cores/threads not RAM but we usually don’t need to adjust it.