Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata interfaces on HA setup need to be identical

    Scheduled Pinned Locked Moved
    IDS/IPS
    3
    3
    232
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SteveITS Rebel Alliance
      last edited by

      Original discussion:
      @SteveITS said in suricata sync:

      @bmeeks said in suricata sync:

      interfaces are configured exactly the same (meaning if LAN is on NIC em1 in the master, it must also be on em1 in all the slaves, etc.).

      Just to clarify, is this a Suricata limitation? It used to be a limitation for pfSense HA state sync but that was removed a few versions back. I took a quick look and our config binds to "<interface>lan</interface>" not "igc0."

      (short answer: yes)

      @bmeeks said in suricata sync:

      Directories would have to be renamed and config.
      xml paths changed

      Perhaps I am misunderstanding but I don't see any paths in config.xml?

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      Bob.DigB bmeeksB 2 Replies Last reply Reply Quote 0
      • S SteveITS referenced this topic on
      • Bob.DigB
        Bob.Dig LAYER 8 @SteveITS
        last edited by Bob.Dig

        @SteveITS They need to be identical, even on non ha-setups, for sync.

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks @SteveITS
          last edited by bmeeks

          @SteveITS said in Suricata interfaces on HA setup need to be identical:

          Perhaps I am misunderstanding but I don't see any paths in config.xml?

          The paths are hard-coded into the template files (and in a few cases the PHP source files themselves). They are not recorded in the config.xml.

          The package source code files for Suricata are here: https://github.com/pfsense/FreeBSD-ports/tree/devel/security/pfSense-pkg-suricata/files/usr/local/pkg/suricata

          and here: https://github.com/pfsense/FreeBSD-ports/tree/devel/security/pfSense-pkg-suricata/files/usr/local/www/suricata

          Feel free to modify them and submit a pull request to add the feature if you would like. Just be sure to fully test the new package with several types of configurations to be sure the migration does not break someone's existing install.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post