SID configuration files go away on reboot


  • Banned

    On every reboot of PFsense, in Suricata, all the sample and custom SID configuration files go away. I have to reinstall Suricata to get back the sample files and upload my custom ones again. All the other settings seem intact. Is this an option somewhere, or a bug?
    Pfsense 2.4.1
    Suricata 4.0.0.2



  • The only way I can imagine this happening is if you have some disk partitions on a RAMDISK.  A RAMDISK is naturally wiped clean on a reboot.  The SID management files are currently stored in the /var/lib/suricata/sidmods directory.  That directory and its files should never disappear unless you are running a RAMDISK with the /var partition on the RAMDISK.

    If you have RAMDISKS enabled, turn them off.  Or at least do not include the /var partition on a RAMDISK.

    Bill


  • Banned

    Yep, that was it. Now that my system disks are SSD, I really don't need the RAMDISK feature anymore. I am turning it off.
    Thanks again.


Log in to reply