Recovery help with suricata sid management
-
I've managed to get my pfsense system into a point where the web interface isn't working and somehow the standard console isn't working, but it is at least taking me direct to the linux console. I'm planning on just flashing a new image to it and have the config xml backups saved, but I realized that the suricata sid management files are not in the xml file.
Does anyone know where that data is stored? I should, but don't have them stored locally and really don't want to have to retune everything after I restore.
Other than suricata sid management, are there any other packages that don't save everything in the config.xml file?
-
@sgnoc said in Recovery help with suricata sid management:
I've managed to get my pfsense system into a point where the web interface isn't working and somehow the standard console isn't working, but it is at least taking me direct to the linux console. I'm planning on just flashing a new image to it and have the config xml backups saved, but I realized that the suricata sid management files are not in the xml file.
Does anyone know where that data is stored? I should, but don't have them stored locally and really don't want to have to retune everything after I restore.
Other than suricata sid management, are there any other packages that don't save everything in the config.xml file?
Suricata does in fact save all of the SID management customizations in the XML file. It saves them as Base64 encoded data, so you won't find them as cleartext, but they are there. Same for Snort, too.
The IDS/IPS packages have been saving the SID MGMT data in the config.xml for a few years now. The sample files get reinstalled when the package is reinstalled (or updated).
-
@bmeeks Ok, thanks! I read in an older forum post about the data not getting saved, so that's good news. I'll go forward with the reinstall and hopefully everything comes back up with minimal work.
-
@bmeeks Worked like a charm. Minimal to have to do once everything came back up. Even easier with the reinstall feature where the installer can grab the old config and reinstall it after the software is installed. I checked and all of the sid management was back where it needed to be. Thanks again.
-
@sgnoc said in Recovery help with suricata sid management:
@bmeeks Worked like a charm. Minimal to have to do once everything came back up. Even easier with the reinstall feature where the installer can grab the old config and reinstall it after the software is installed. I checked and all of the sid management was back where it needed to be. Thanks again.
You are welcome. Glad you got everything going again.
The IDS/IPS packages save all of their configuration information in the XML file, so all previous settings can be restored upon reinstallation of the package (or from a restore/recovery procedure).
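Added example (not part of the original thread, and not pfSense or Suricata package code): a way to confirm that a config.xml backup really holds the Base64-encoded SID management data described above before reflashing. It scans every leaf element for text-like Base64 rather than relying on tag names; the tag names, file name and SIDs in the sample are constructed assumptions.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample backup. Tag names and SIDs are assumptions for the demo,
# not the real pfSense schema; the scan below does not depend on them.
_BLOB = base64.b64encode(b"# constructed example\n1:1000001\n1:1000002\n").decode()
SAMPLE_CONFIG = f"""<pfsense><installedpackages><suricata>
  <sid_list><name>disablesid.conf</name><content>{_BLOB}</content></sid_list>
  <enable>on</enable>
</suricata></installedpackages></pfsense>"""

def _decode_text_blob(value, min_len):
    """Return decoded text if value is strict Base64 of printable UTF-8, else None."""
    value = "".join(value.split())  # tolerate line-wrapped blobs
    if len(value) < min_len or len(value) % 4:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if not all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return None
    return text

def find_base64_blobs(xml_text, min_len=16):
    """List (element path, decoded text) for every leaf holding a Base64 text blob."""
    found = []
    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        if len(elem) == 0 and elem.text:
            text = _decode_text_blob(elem.text, min_len)
            if text is not None:
                found.append((here, text))
        for child in elem:
            walk(child, here)
    walk(ET.fromstring(xml_text), "")
    return found

if __name__ == "__main__":
    for path, text in find_base64_blobs(SAMPLE_CONFIG):
        print(f"{path}: {len(text.splitlines())} decoded lines")
```

The match is heuristic, so other Base64-encoded settings in a real backup will be listed as well; read the decoded text to pick out the SID lists.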