Suricata stops after seconds of starting it



  • Suricata stops after seconds of starting it. What am I missing here?



  • No idea.  You haven't given us any information to allow us to help you.  What do the logs say?



  • The current version, 3.0.2, is not working well with the latest version of 2.3.3x pfSense. The Suricata package has been updated to 3.1.1. The update is being incorporated into Package Manager by BMeeks, but it is not there yet. There are a few of us watching the threads for updates.

    Bottom line, he's working on it, give him time.



  • I see. So there is an update for this in the future.

    By the way, I edited the /etc/rc.conf with configurations below

    suricata_enable="YES"  <-- enable IDS
    suricata_interface="re0"  <-- wan interface
    suricata_divertport="8000"
    suricata_netmap="YES"  <-- enable high speed netmap

    add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf

    On SID MGMT TAB,

    sid order= disable,enable
    enable sid file=enablesid_sample.conf
    disable sid file=disablesid_sample.conf
    modify sid file=modifysid_sample.conf
    drop sid file=dropsid_sample.conf

    All else is just like the Snort configuration.

    Also, I used INLINE mode, and everything else in the related configs is untouched. Default values are used.

    Started Suricata, then after 2-3 seconds, it stops.  That is my situation.



  • Need update please. I can't start Suricata.  I also have Snort installed. Even if I stop Snort and start Suricata, Suricata still stops.

    Also, I am getting the alert "IPS inline mode requires that Hardware Checksum, Hardware TCP Segmentation and Hardware Large Receive Offloading all be disabled on the System > Advanced > Networking tab." even though I have already checked the box to disable the two options.
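
Added example, not part of the original posts: one way to check the condition the alert quoted above refers to, by listing which checksum, TSO and LRO offload capabilities are still active in `ifconfig` output for an interface. The function name and both sample outputs are constructed for illustration; the capability names are the ones FreeBSD `ifconfig` prints in its `options=` line.

```shell
#!/bin/sh
# Added example: list offload capabilities still enabled on an interface.
# Reads `ifconfig <interface>` output on stdin and prints the matching
# capability names, space separated (empty output = none enabled).
offloads_enabled() {
    # Take the capability list between < and > on the "options=" line.
    # The "nd6 options=" line does not match because of the "nd6" prefix.
    opts=$(sed -n 's/^[[:space:]]*options=[0-9a-fA-F]*<\(.*\)>.*/\1/p' | head -n 1)
    found=""
    for flag in $(printf '%s' "$opts" | tr ',' ' '); do
        case "$flag" in
            # Checksum, TCP segmentation and large receive offload flags.
            RXCSUM|TXCSUM|RXCSUM_IPV6|TXCSUM_IPV6|TSO4|TSO6|LRO)
                found="${found:+$found }$flag" ;;
        esac
    done
    printf '%s\n' "$found"
}

# Constructed sample: offloads still active (hex value is made up).
SAMPLE_OFFLOAD_ON='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    status: active'

# Constructed sample: same interface with the offloads turned off.
SAMPLE_OFFLOAD_OFF='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=2008<VLAN_MTU,WOL_MAGIC>
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    status: active'

# Demonstration on the constructed samples.
# On a live system the equivalent call would be: ifconfig re0 | offloads_enabled
printf 'offloads on sample 1: [%s]\n' "$(printf '%s\n' "$SAMPLE_OFFLOAD_ON" | offloads_enabled)"
printf 'offloads on sample 2: [%s]\n' "$(printf '%s\n' "$SAMPLE_OFFLOAD_OFF" | offloads_enabled)"
```

If the function still prints capability names after the boxes are checked, the setting has not taken effect on that interface.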



  • I thought increasing the stream memory had resolved it, but after rebooting the pfSense box, the Suricata service stopped again and can't be started even if I restart it. OMG

