Install Suricata but suppress service start automatically?

pfsense_user12123 · Sep 9, 2017, 3:42 PM

long time ago i installed suricata and noticed that i cant add all rules on all interfaces because my system is to slow. so i uninstalled it.

now i wanna try it again. but if i install suricata it starts automatically and my hole system freezes and i´m not able to do anything. it was hard to get back to my backup i did before.

what can i do to install suricata without automatically starting it. so i need a fresh install without starting the service automatically.

any ideas ?

thx very much!

bmeeks · Sep 9, 2017, 5:54 PM

@pfsense_user12123:

long time ago i installed suricata and noticed that i cant add all rules on all interfaces because my system is to slow. so i uninstalled it.

now i wanna try it again. but if i install suricata it starts automatically and my hole system freezes and i´m not able to do anything. it was hard to get back to my backup i did before.

what can i do to install suricata without automatically starting it. so i need a fresh install without starting the service automatically.

any ideas ?

thx very much!

Suricata should not be freezing a machine with 8 GB of RAM (if your profile info is correct). You apparently have an old existing Suricata configuration saved in your config.xml file. Otherwise the package would not auto-start after installation. You can deal with this two ways. First, if you can get into the firewall after the install, go to the GLOBAL SETTINGS tab and uncheck the "save settings" box and save the change. Then remove the Suricata package. That will clean out the configuration.

If you can't get into the firewall after installing, then you need to remove the old Suricata config info from your config.xml backup. That will require hand-editing the file. Scroll down into the <packages>section and remove everything between the <suricata>and</suricata> tags including those two tags themselves. That will totally remove the old configuration. You can then install the package and it won't attempt to auto-start.

Bill</packages>

doktornotor · Sep 9, 2017, 6:34 PM

Make sure you've deleted /tmp/config.cache after changing config.xml if you go the hand-edit route.

pfsense_user12123 · Sep 9, 2017, 8:23 PM

Thx for your help. Yes i have 8 gb of RAM.

The Problem was/is….

After installing suricata, i couldn't do anything. Cpu 100%!!!
The only way to fix that Problem was to reboot and Login as soon as the GUI was loaded and uninstall suricata. Then i uploaded the Backup and everything was fine again.

pfsense_user12123 · Sep 10, 2017, 12:13 PM

THX.

i deleted the config.cache first and then restored the motified config.xml.
After reboot everything works great!! ;D

THX4ALL ;)

pfsense_user12123 · Sep 28, 2017, 6:25 PM

I figured out that INLINE MODE causes the Problem. In Legacy Mode everything works great. So the Main Problem in the configuration file was the inline Mode which made the Router freeze.

bmeeks · Sep 29, 2017, 1:14 AM

@pfsense_user12123:

I figured out that INLINE MODE causes the Problem. In Legacy Mode everything works great. So the Main Problem in the configuration file was the inline Mode which made the Router freeze.

Not surprising. Lots of NIC hardware has problems with Inline Mode due to the Netmap dependency. It is still a buggy interface in all of the following: (1) NIC drivers, (2) FreeBSD and (3) to some degree Suricata upstream.

Bill