Possible bug report: wrong loglevel naming in config generation leads to incorrect suricata.yaml
-
The symptom was all suricata interfaces not starting anymore and producing no logs besides one "starting" info in the syslog.
Executing /usr/local/bin/suricata -i ixl0 -c /usr/local/etc/suricata_1827_ixl0/suricata.yaml
brought up
<ERROR> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid Log level: err
In the config, outputs.syslog.level was set to "err". Changing it to "error" manually and rerunning the command worked fine.
This value was set through the Web-GUI under Global Settings -> General Settings -> Log Priority.
The dropdown menu offers the value ERR, which when selected leads to the above behaviour.
The error is 100% reproducible by switching between ERR and some other value.
This was double checked by testing on the following versions:
- pfsense CE 2.7.0 Stable Release + suricata 6.0.13
- pfsense CE 2.6.0 Stable Release + suricata 6.0.4_1
What do you think, is there some mistake on my side I could have missed, or is this a bug in the suricata package?
If it is, where am I supposed to file an issue?
Thanks in advance
Laurenz -
Sounds like perhaps the values the Suricata binary expects to see for that parameter in suricata.yaml might have changed since that area of code was originally written.
I will check into it, and if necessary, include a fix in the next package update. I have several identified issues to clean up, but waiting a few more days to see what else might be reported.
Thank you for the report.
-
This issue is corrected in a forthcoming package update. I've posted a Pull Request for review and merging by the Netgate developer team here: https://github.com/pfsense/FreeBSD-ports/pull/1313. Look for a new 7.0.2 package version to appear soon.