Cant get Suricata started on Netgate 3100 after update to 21.05.1

bbowlsbey

Hello

I updated to 21.05.1 on a Netgate SG-3100 last night and cant get Suricata to indicate that the daemon/service is running in general or on either wan or lan interface. Oddly, Suricata is logging alerts on the WAN interface.

Can anyone see what the slow kid is missing? Any setting that I need to tweak to get the Daemon to start or monitor the interfaces?

Appreciate any threads you might be able to suggest that I can start pulling.

bmeeks

You've given us not a single log entry, so there is no possible way to know what might be wrong.

Go to the LOGS VIEW tab, select the suricata.log file in the drop-down there, and post its contents back here. If Suricata is encountering a startup error, it should be logged there.

Also check your pfSense system log under STATUS > SYSTEM LOGS. Post anything Suricata-related back here.

If you are getting current alerts, you may have a zombie process running. Check that with this command run from a shell prompt on the firewall:

ps -ax | grep suricata

If you see any running Suricata processes, kill them.

Edit: Oh, and last thing ... make sure you are running the very latest Suricata package. That will be version 6.0.0_12.