Suricata Running on Interface Will Not Stop
-
I'm doing a little troubleshooting trying to figure out which Suricata rule I enabled that's stopping communication for one of my iPhone apps. I decided to go to Services > Suricata > Interfaces tab and in the Interface Settings Overview > Suricata Status column, I pressed the "Stop suricata on this interface" button. Interestingly, Suricata will stop running on the interface for only a very short period of time and then seemingly restart itself. Not only from the GUI, but from the command prompt by running: ps -ax | grep suricata, I can see the interface stop and then re-enable itself. Is there a way to get Suricata to stop restarting itself automagically or is this a feature? Any suggestions would be most helpful. Thank you.
-
Nope, I'm using Suricata on 2.4.5 and 2.5.0; when I stop Suricata it does not restart automatically.
idk, maybe you have another package like watchdog?
-
I'm presently on 2.4.5. I actually had to edit the interface and uncheck Enable and then click Save to get it to stop completely. When I did this, I was able to do my troubleshooting. After, I Enabled and Saved it again. I don't have any other packages that would have restarted it. Odd! Just thought I would ask if anyone else experienced the same. Thanks for the reply.
-
Suricata will not restart itself except when it does an automatic rules update. The binary has no mechanism to even accomplish this. The PHP GUI code takes care of restarting Suricata after a rules update download.
pfSense will, under some circumstances, issue a "restart all packages" command. Could that have been going on at the same time you were trying to stop Suricata? Very unusual if that were the case, though.