Suricata stops after seconds of starting it
-
Suricata stops after seconds of starting it. What am I missing here?
-
No idea. You haven't given us any information to allow us to help you. What do the logs say?
-
The current version, 3.0.2, is not working well with the latest version of 2.3.3x pfSense. The Suricata package has been updated to 3.1.1. The update is being incorporated into Package Manager by BMeeks, but it is not there yet. There are a few of us watching the threads for updates.
Bottom line, he's working on it, give him time.
-
I see. So there is an update for this in the future.
By the way, I edited /etc/rc.conf with the configurations below:
suricata_enable="YES" # enable IDS
suricata_interface="re0" # WAN interface
suricata_divertport="8000"
suricata_netmap="YES" # enable high speed netmap
Add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf
On the SID MGMT tab:
sid order= disable,enable
enable sid file=enablesid_sample.conf
disable sid file=disablesid_sample.conf
modify sid file=modifysid_sample.conf
drop sid file=dropsid_sample.conf
All else is just like the Snort configurations.
Also, I used INLINE mode, and everything else in the related configs is not touched. Default values are used.
Started Suricata, then after 2-3 seconds, it stops. That is my situation.
-
Need an update, please. I can't start Suricata. I also have Snort installed. Even if I stop Snort and start Suricata, Suricata still stops.
Also, I am getting the alert "IPS inline mode requires that Hardware Checksum, Hardware TCP Segmentation and Hardware Large Receive Offloading all be disabled on the System > Advanced > Networking tab." even though I have already checked the box to disable the two options.
-
I thought increasing the stream memory had resolved it, but after rebooting the pfSense box, the Suricata service stopped again and can't be started even if I restart it. OMG