Cannot check for updates until Suricata blocks deleted...
-
The system is stuck on obtaining the update until the Suricata blocks are deleted.
Then it's available.
Anybody know what to look for in the alerts tab to prevent this?
-
If you have Suricata on LAN, there should be an alert showing the IP of your router. (Otherwise if on WAN I think they all will show the IP of your router). The alerts page should also show active alerts in that there is an icon to unblock them. The block page lists the rules that triggered, and one can click the magnifying glass icon to look up the PTR for the IP.
-
@teamits Thanks, but the problem is that the log only shows the last 500 alerts...
So it's drowning on a busy connection.
-
I can set it to show more than 500...? However it only goes back to the last log rotation (I'm assuming, as I see only 2 days). Also the download button says it will download "all" logs for the interface. If you remove the blocks and check for an update and it is blocked then it should be pretty easy to narrow down the possibilities...
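An added example (not from this thread) that does what the post above describes without the 500-alert window of the GUI: it reads Suricata's eve.json alert lines, keeps only alerts where the firewall's own interface IP is source or destination, and counts hits per rule (gid:sid:rev) with the peer IPs, so the signature that blocks the update check can be identified and suppressed or pass-listed. The log path, the firewall IP 192.0.2.1 and the sample lines are constructed assumptions; the field names follow Suricata's EVE alert schema.

```python
import json
from collections import Counter
from ipaddress import ip_address

# Constructed sample of EVE JSON lines (one object per line); values are made up.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00+0000","event_type":"alert","src_ip":"192.0.2.1","dest_ip":"198.51.100.7","proto":"TCP","alert":{"gid":1,"signature_id":2100001,"rev":3,"signature":"CONSTRUCTED outbound policy alert","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-01-01T10:00:01+0000","event_type":"flow","src_ip":"192.0.2.1","dest_ip":"198.51.100.7","proto":"TCP"}
{"timestamp":"2024-01-01T10:00:02+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"192.0.2.50","proto":"TCP","alert":{"gid":1,"signature_id":2100002,"rev":1,"signature":"CONSTRUCTED inbound scan","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-01-01T10:00:03+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.1","proto":"TCP","alert":{"gid":1,"signature_id":2100001,"rev":3,"signature":"CONSTRUCTED outbound policy alert","category":"Potentially Bad Traffic","severity":2}}
"""

def alerts_involving(lines, firewall_ip):
    """Yield alert events whose source or destination is the firewall's own IP."""
    fw = ip_address(firewall_ip)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line left by log rotation: skip it
        if ev.get("event_type") != "alert":
            continue  # flow/dns/etc. records are not what blocks the host
        if fw in (ip_address(ev["src_ip"]), ip_address(ev["dest_ip"])):
            yield ev

def summarize(lines, firewall_ip):
    """Return {gid:sid:rev: (hit count, signature text, sorted peer IPs)}."""
    fw = ip_address(firewall_ip)
    counts, sigs, peers = Counter(), {}, {}
    for ev in alerts_involving(lines, firewall_ip):
        a = ev["alert"]
        key = f'{a["gid"]}:{a["signature_id"]}:{a["rev"]}'
        counts[key] += 1
        sigs[key] = a["signature"]
        # The other end of the conversation is the host that ended up blocked.
        peer = ev["dest_ip"] if ip_address(ev["src_ip"]) == fw else ev["src_ip"]
        peers.setdefault(key, set()).add(peer)
    return {k: (counts[k], sigs[k], sorted(peers[k])) for k in counts}

if __name__ == "__main__":
    # Assumption: replace SAMPLE_EVE with open("<path-to>/eve.json") and use the real interface IP.
    for key, (n, sig, ips) in summarize(SAMPLE_EVE.splitlines(), "192.0.2.1").items():
        print(f"{key}  x{n}  {sig}  peers={','.join(ips)}")
```

Rules that show up here with the update server as the peer are the candidates for a suppress entry or pass list, rather than deleting the blocks each time.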
-
@teamits I did that...twice. It blew right through with no issues.
It happens after some time. And I can't see anything in the logs.
The only way to circumvent it is to set the Remove Blocked Hosts Interval to anything other than Never.