Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot check for updates until Suricata blocks deleted...

    Scheduled Pinned Locked Moved IDS/IPS
    5 Posts 2 Posters 563 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Cool_CoronaC
      Cool_Corona
      last edited by

      System is stuck on obtaining update until Suricata blocks are deleted.

      Then its available.

      Anybody know what to look for in the alerts tab to prevent this?

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @Cool_Corona
        last edited by

        If you have Suricata on LAN, there should be an alert showing the IP of your router. (Otherwise if on WAN I think they all will show the IP of your router). The alerts page should also show active alerts in that there is an icon to unblock them. The block page lists the rules that triggered, and one can click the magnifying glass icon to look up the PTR for the IP.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        Cool_CoronaC 1 Reply Last reply Reply Quote 0
        • Cool_CoronaC
          Cool_Corona @SteveITS
          last edited by

          @teamits Thanks but problem is that the log only shows the last 500 alerts...

          So its drowning on a busy connection

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Galactic Empire @Cool_Corona
            last edited by

            I can set it to show more than 500...? However it only goes back to the last log rotation (I'm assuming, as I see only 2 days). Also the download button says it will download "all" logs for the interface. If you remove the blocks and check for an update and it is blocked then it should be pretty easy to narrow down the possibilities...

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            Cool_CoronaC 1 Reply Last reply Reply Quote 0
            • Cool_CoronaC
              Cool_Corona @SteveITS
              last edited by

              @teamits I did that...twice. It blew right through with no issues.

              It happens after some time. And I cant see anything in the logs.

              Only way to circumvent it, is to set the Remove Blocked Hosts Interval to anything else than Never.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.