Suricata Starts then Stops!
-
Suricata has an issue with Netmap while Snort doesn't have any issue at all. So, it appears to be something to do with Suricata. Here is the message from the Suricata log:
1/5/2020 -- 00:01:08 - <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - Couldn't query netmap for igb0, error Invalid argument
1/5/2020 -- 00:01:08 - <Info> -- Going to use 1 thread(s)
1/5/2020 -- 00:01:08 - <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb0/R failed: Invalid argument
Correction ... both Suricata and Snort in inline mode have the problem with Netmap; so, the problem is Netmap.
-
Aware and looking into the issue. It is most likely related to the move to FreeBSD-12.1-STABLE for the latest snapshots.
-
@bmeeks Thanks Bill, meanwhile, both are running in legacy mode.
-
Try this. It worked for me in my testing VM.
-
Remove the Suricata package using SYSTEM > PACKAGE MANAGER.
-
Return to SYSTEM > PACKAGE MANAGER and install the Suricata package again.
This will forcibly download and reinstall all the new FreeBSD-12.1-STABLE libraries that Suricata needs.
Let me know if this works or not.
-
-
@bmeeks Well, Bill, I had a wild Sunday morning with pfSense 2.5-devel 20200502-210 ... for some unknown reason, after the update, WAN would not load to complete the boot process. I find that odd given I was running legacy mode. So, I decided to do a fresh install, update, and restore from backup.
The install and update went well ... as soon as I restored from backup, on rebooting, it stopped ... WAN would not load. So, really wanting to preserve the configuration, I went through the process again: fresh install, update, and restore from a week earlier than the first. Same thing: WAN would not load to complete the boot.
In the end, I did a fresh install, update, and fresh configuration. Suricata and Snort inline mode is working ... still more configuration to do; however, this time I'll keep it simpler. Thank you for following up.