Suricata Settings Backup and Restore
-
I have a primary box and a backup box (DR) both with the same pfSense and packages. It'd be great if I could backup/save/export Suricata settings from my primary box and restore/import into my backup box. Suricata filtering settings are about the only regular changes I make.
I don't see a choice in either the Suricata package or the pfSense Backup/Restore area to restore IDP/IDS/Suricata settings.
I know I can do a full restore.
-
If they are set up using HA/CARP they can sync between the two, via the Suricata Sync tab/page. I've not tried to sync in a non-HA configuration.
-
There is an XML SYNC tab in the Suricata GUI. It will sync the configuration to multiple slaves. The one caveat is that the slave devices need to have the exact same physical interfaces and layout. So that means the hardware needs to be pretty much identical: same NIC types, and the same NIC ports defined as WAN, LAN, etc., needs to be the same on all devices.