Suricata Dashboard not updating…
-
I started by setting up Suricata on the Wan interface. It is still running fine, and the log file shows recent activity.
I later set up Suricata on the Lan interface. I had some stability trouble with that so I disabled it a few days ago.
The Suricata Dashboard is only showing the Lan log items from a few days ago and none of the more recent WAN items. If I click on the little wrench icon, my only choice is the number of items to display, I'm not given a choice on which interfaces I'm interested in seeing, so I'm not sure why the WAN items are being omitted. Bug?
-
I assume you are talking about the Dashboard Widget?
If you are then I noticed the same thing when I added three new interfaces to my single interface Suricata setup yesterday. My LAN interface (the original interface I had setup) stopped showing alerts in the Widget anymore. The three new ones did for a short time but now nothing is updating. I'm not seeing any errors anywhere but might have missed them. I do see alerts on the Suricata Alert page. Since I reconfigured Suricata I have updated to the latest RC and rebooted and still have this issue.
Hopefully Bill will come to the rescue and help us figure out what is going on.
-
I thought I also noticed the Snort Dashboard Widget not updating in one of my test virtual machines last night.I will take a look. May have to call in the calvary from the pfSense developer team to have a look.Edit to the earlier statement. A new look this evening verified the Dashboard Widget for Snort is indeed updating. I have a virtual machine running the 3.2.9.1_9 version of the GUI package.
Bill
-
Bill,
I've had another look at my widget data. It looks like the data is updating (expanded to 25 rows) but it's not sorted properly. Old alerts are sitting below newer ones. I can send some data through to you if you want.
Greg
-
Bill,
I've had another look at my widget data. It looks like the data is updating (expanded to 25 rows) but it's not sorted properly. Old alerts are sitting below newer ones. I can send some data through to you if you want.
Greg
In the widget, old alerts should be at the bottom. In other words, the widget sorts the alerts in descending order by time with the most recent alert at the top of the list. Is that not what you are seeing?
Bill
-
Sorry I had that the wrong way around. Yes new ones appear at the bottom but the newest ones aren't visible if I have only 5 items set for the widget. Some alerts aren't shown at all.
I've sent you an email with the alert logs and what the widget is showing.
Greg
-
I can confirm, oldest are at the top.
-
I have @gsiemon's logs and will work on this over the weekend. There are some other issues on the ALERTS tab as well that I have fixed already. I will bundle everything up into a single update and post it within a few days.
Bill
