Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    LAN and VLAN

    IDS/IPS
    2
    5
    293
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sstatjm
      last edited by sstatjm

      @bmeeks - Everyday that one vlan ix1.60 gets disabled. I am trying to remember if you suggested that only the physical LAN should be there. And VLANs arent neccessary

      62ef007f-e275-4d15-b89a-f6f703e8e916-image.png

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        Instances are each VLAN are not really necessary, although with Legacy Blocking Mode it will work. The underlying binary by default puts the monitored interface in promiscuous mode, so Suricata will see all the traffic on the parent interface anyway.

        If only that one single VLAN instance is stopping, you should look in the logs and figure out why. Look in the suricata.log file for that interface (you can find it under the LOGS VIEW tab in Suricata).

        1 Reply Last reply Reply Quote 0
        • S
          sstatjm
          last edited by

          I got this when I checked but no idea what to do

          [103245 - RX#01-ix1.60] 2023-12-08 21:06:40 Info: pcap: ix1.60: running in 'auto' checksum mode. Detection of interface state will require 1000 packets
          [103245 - RX#01-ix1.60] 2023-12-08 21:06:40 Info: pcap: ix1.60: snaplen set to 1522
          [103117 - Suricata-Main] 2023-12-08 21:06:41 Notice: threads: Threads created -> RX: 1 W: 6 FM: 1 FR: 1 Engine started.
          [103245 - RX#01-ix1.60] 2023-12-08 21:08:25 Info: checksum: No packets with invalid checksum, assuming checksum offloading is NOT used
          [103249 - W#04] 2023-12-08 21:10:12 Error: spm-hs: Hyperscan returned fatal error -1.

          bmeeksB 1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks @sstatjm
            last edited by

            @sstatjm said in LAN and VLAN:

            I got this when I checked but no idea what to do

            [103245 - RX#01-ix1.60] 2023-12-08 21:06:40 Info: pcap: ix1.60: running in 'auto' checksum mode. Detection of interface state will require 1000 packets
            [103245 - RX#01-ix1.60] 2023-12-08 21:06:40 Info: pcap: ix1.60: snaplen set to 1522
            [103117 - Suricata-Main] 2023-12-08 21:06:41 Notice: threads: Threads created -> RX: 1 W: 6 FM: 1 FR: 1 Engine started.
            [103245 - RX#01-ix1.60] 2023-12-08 21:08:25 Info: checksum: No packets with invalid checksum, assuming checksum offloading is NOT used
            [103249 - W#04] 2023-12-08 21:10:12 Error: spm-hs: Hyperscan returned fatal error -1.

            Ah-ha! You are a victim of the problem others are having as detailed in this very long thread: https://forum.netgate.com/topic/184101/suricata-process-dying-due-to-hyperscan-problem.

            S 1 Reply Last reply Reply Quote 0
            • S
              sstatjm @bmeeks
              last edited by

              @bmeeks
              I see that there is an update out now. I just install it a few minutes ago. So will update if I run into that same issue again.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post