Suricata Pfsense 2.2.2
-
Gentlemen:
A heads up with respect to Suricata. I have Suricata, the most current version (Pfsense Package List), installed. It does not seem to run correctly with Pfsense 2.2.2. It installs, updates, and shows to be running, but registers no alerts in a period of hours. We have a 100 M/s fiber connect, so there is more than ample traffic. I reverted to Pfsense 2.2 and apparently normal operation returns.
I have an additional question. When using Pfsense 2.2 and Suricata, the following alerts are produced:
SURICATA STREAM ESTABLISHED retransmission packet before last ack
Should I add these to a suppress list? What causes these repeating messages? Can I fix this issue?
Thanks for any help
G. Howard Krauss
-
That alert is from the Suricata stream processor. You will find the triggering rule and many others in the stream-events.rules file (look on the CATEGORIES tab and then select stream-events in the drop-down). You can disable that rule and any others that you consider false positives or noise. Suricata is extraordinarily chatty with these stream alerts.
Bill
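As an added example (not code from either poster or from the Suricata or pfSense projects), the following Python script tallies fast.log lines by signature and emits threshold.config entries for the chatty stream-event signatures, so the decision to suppress rests on observed counts rather than on a gut feel. The sample log lines, their sid numbers and the hit threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of Suricata fast.log lines (illustrative; sid numbers
# are assumptions, not taken from the thread). Layout follows fast.log.
SAMPLE_FAST_LOG = """\
04/20/2015-10:01:02.123456  [**] [1:2210020:2] SURICATA STREAM ESTABLISHED retransmission packet before last ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.0.2.10:443 -> 198.51.100.7:51322
04/20/2015-10:01:03.654321  [**] [1:2210020:2] SURICATA STREAM ESTABLISHED retransmission packet before last ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.0.2.10:443 -> 198.51.100.7:51322
04/20/2015-10:01:04.000001  [**] [1:2210020:2] SURICATA STREAM ESTABLISHED retransmission packet before last ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.0.2.11:443 -> 198.51.100.7:51330
04/20/2015-10:02:10.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 198.51.100.7:51400
"""

# One fast.log line: timestamp, [**], [gid:sid:rev], message, [**], rest.
FAST_LINE = re.compile(r"^\S+\s+\[\*\*\]\s+\[(\d+):(\d+):\d+\]\s+(.+?)\s+\[\*\*\]")


def count_signatures(fast_log: str) -> Counter:
    """Tally alerts by (gid, sid, msg); lines that do not parse are skipped."""
    counts = Counter()
    for line in fast_log.splitlines():
        m = FAST_LINE.match(line)
        if m:
            counts[(int(m.group(1)), int(m.group(2)), m.group(3))] += 1
    return counts


def threshold_entries(counts: Counter, min_hits: int, mode: str = "limit") -> list:
    """Build threshold.config lines for stream-event signatures seen >= min_hits.

    mode="suppress" silences the signature outright; mode="limit" keeps one
    alert per source per hour, so the rule still surfaces if behaviour changes.
    Each entry is preceded by a '#' comment line recording the observed count.
    """
    out = []
    for (gid, sid, msg), n in sorted(counts.items()):
        if not msg.startswith("SURICATA STREAM") or n < min_hits:
            continue
        if mode == "suppress":
            rule = f"suppress gen_id {gid}, sig_id {sid}"
        else:
            rule = (f"threshold gen_id {gid}, sig_id {sid}, type limit, "
                    f"track by_src, count 1, seconds 3600")
        out.append(f"# {n} hits: {msg}\n{rule}")
    return out


if __name__ == "__main__":
    for entry in threshold_entries(count_signatures(SAMPLE_FAST_LOG), min_hits=3):
        print(entry)
```

Run it against a real fast.log (read the file instead of SAMPLE_FAST_LOG) to see which stream-event signatures dominate before adding them to the pfSense suppress list.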