Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata XMLRPC errors

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    1 Posts 1 Posters 411 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      ws6
      last edited by ws6

      Hi, If this is in the wrong section please move it.

      I am running 2.4.5-p1. I am using 2 older dell desktop in an HA config for the firewalls. The onboard nic on each system is dedicated to HA and connected with a crossover cable. HA seems to work but i have recently been getting some XMLRPC errors that are tied to suricata:

      Feb 11 05:32:35 php-fpm 30921 /rc.start_packages: XMLRPC reload data success with https://---Host2-HA-IP---:443/xmlrpc.php (pfsense.exec_php).
      Feb 11 05:32:35 php-fpm 30921 /rc.start_packages: Beginning XMLRPC sync data to https://---Host2-HA-IP---:443/xmlrpc.php.
      Feb 11 05:32:35 php-fpm 30921 /rc.start_packages: XMLRPC reload data success with https://---Host2-HA-IP---:443/xmlrpc.php (pfsense.merge_installedpackages_section).
      Feb 11 05:32:35 php-fpm 30921 /rc.start_packages: Beginning XMLRPC sync data to https://---Host2-HA-IP---:443/xmlrpc.php.
      Feb 11 05:32:36 php-fpm 30921 /rc.start_packages: XMLRPC reload data success with https://---Host2-HA-IP---:443/xmlrpc.php (pfsense.exec_php).
      Feb 11 05:32:36 php-fpm 30921 /rc.start_packages: Beginning XMLRPC sync data to https://---Host2-HA-IP---:443/xmlrpc.php.
      Feb 11 05:32:36 php-fpm 30921 /rc.start_packages: XMLRPC reload data success with https://---Host2-HA-IP---:443/xmlrpc.php (pfsense.exec_php).
      Feb 11 05:32:36 php-fpm 30921 [suricata] XMLRPC sync completed.
      Feb 11 05:33:22 php-fpm 30510 /suricata/suricata_rulesets.php: A communications error occurred while attempting to call XMLRPC method exec_php:
      Feb 11 05:33:22 php-fpm 30510 /suricata/suricata_rulesets.php: New alert found: A communications error occurred while attempting to call XMLRPC method exec_php:
      Feb 11 05:33:22 php-fpm 30510 /suricata/suricata_rulesets.php: Beginning XMLRPC sync data to https://---Host2-HA-IP---:443/xmlrpc.php.
      Feb 11 05:33:22 php-fpm 67379 /suricata/suricata_rulesets.php: A communications error occurred while attempting to call XMLRPC method exec_php:
      Feb 11 05:33:22 php-fpm 67379 /suricata/suricata_rulesets.php: New alert found: A communications error occurred while attempting to call XMLRPC method exec_php:
      Feb 11 05:33:22 php-fpm 67379 /suricata/suricata_rulesets.php: Beginning XMLRPC sync data to https://---Host2-HA-IP---:443/xmlrpc.php.
      Feb 11 05:33:22 php-fpm 30510 /suricata/suricata_rulesets.php: XMLRPC reload data success with https://---Host2-HA-IP---:443/xmlrpc.php (pfsense.exec_php).
      Feb 11 05:33:22 php-fpm 30510 /suricata/suricata_rulesets.php: Beginning XMLRPC sync data to https://---Host2-HA-IP---:443/xmlrpc.php.
      Feb 11 05:33:22 php-fpm 67379 /suricata/suricata_rulesets.php: XMLRPC reload data success with https://---Host2-HA-IP---:443/xmlrpc.php (pfsense.exec_php).
      Feb 11 05:33:22 php-fpm 67379 [suricata] XMLRPC sync completed.
      Feb 11 05:33:22 php-fpm 30510 /suricata/suricata_rulesets.php: XMLRPC reload data success with https://---Host2-HA-IP---:443/xmlrpc.php (pfsense.exec_php).
      Feb 11 05:33:22 php-fpm 30510 [suricata] XMLRPC sync completed.

      Suricata is enabled on all the inside network interfaces but not the HA interfaces. HA rules are ipv4 any to any. IPS mode is legacy with promiscuous mode off on all.

      any suggestions on what to look at next to resolve this?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.