Bug tracker for the Snort/Suricata GUI?
-
Is there a bug tracker for the Snort/Suricata GUI or are bugs just discussed here on the forum?
Regards,
Emanuel
-
Discuss on the forum, if a bug is confirmed, then one can be opened on https://redmine.pfsense.org under "pfSense packages" with "snort" as the category. But please don't open a bug until it has been confirmed.
-
Thanks! It looks like it wasn't used too much, only 2 documented bugs and both of them created this month.
@Bill, how did you manage the bugs for snort/suricata in the past? Do you keep a separate bug tracker or will you use the "pfsense packages" redmine bugtracker in the future?
-
I have used forum reports and the redmine bug tracker. When I collect forum reports from users, I just store those locally on my PC in a file. Not very formal, I admit. The redmine pfSense-packages site is a better place for confirmed bugs.
Bill
-
Looking for bug tracking for Suricata and found this. Postings indicate better to post issue here rather than Redmine until it is confirmed… so...
I've installed Suricata 3.0x for pfSense 2.9x several times to try to get the latest updates and trying features. On initial install, going to SID_MGMT I can edit one of the examples and set my WAN settings for DROP to point to DROPSID.CONF. If I exit and come back, all of the example.conf files are gone as well as the recently created dropsid.conf. And the drop down selection for DROP is now empty.
If I try to add a new file via the editor, an error across the top states:
Warning: file_put_contents(/var/db/suricata/sidmods/dropsid.conf): failed to open stream: No such file or directory in /usr/local/www/suricata/suricata_sid_mgmt.php on line 156 Call Stack: 0.0000 239976 1. {main}() /usr/local/www/suricata/suricata_sid_mgmt.php:0 0.0160 1320496.2 file_put_contents() /usr/local/www.suricata.suricata_sid_mgmt.php:156
I assume this is known, but couldn't find a recent note in the forum about it or about a fix. Console in and /usr/local/www/suricata/suricata_sid_mgmt.php does exist.
Please let me know if there is a fix I can apply. Hopefully you're already aware, have confirmed, and are including the fix in an upcoming release. TIA
-
I don't think your problem is a bug in the code. Your firewall is literally missing some or most of the required program code files for the package. Remove the package completely, then install it again.
Are you by chance trying to use Suricata on a NanoBSD installation? If so, I strongly advise against that. There is not enough RAM Disk space on Nano installs to reliably support a package like Suricata or Snort.
Hopefully it's just a typo in your post, but there is no such thing as pfSense 2.9. Maybe you mean 2.3. Your problem is an incomplete package installation and not a bug – of that I'm pretty confident. The fact the file is literally missing on your system is proof of the package installation failure.
Bill
-
Yes 2.3… I'm not sure about missing code - the .conf files were there on first edit, but then gone on later access.
I wiped the installation and started over. With the new install, noted the 3.0_7 release. I'm new at this so just trying to figure things out.
One of the issues I had trouble with was setting up Suricata to look at LAN traffic. If you have time, would you please create a 'how-to' and sticky it for the 2 most common implementations: WAN side and LAN side? You have a brief how-to on WAN that is now buried in older posts that helped me earlier. Thank you for all!
edit: After full reinstall the same problem exists. This is a fresh install of pfSense 2.3.1-Development and the 3.0_7 Suricata. The .conf examples were there to start, then after editing the example and saving as dropsid.conf, exiting the tab, then coming back to the tab they're all gone, including dropsid.conf. Standard pfSense x64, standard kernel. The error message I posted earlier is repeated. If you believe the problem is introduced by the 2.3.1 Dev version, I'll go back to the 2.3 Release and try again there. Please comment if you believe this is part of the issue.
hardware: Dell 790 SFF, i5 quad, 8gb, 80gb SSD, em0-em4 (internal -WAN, quad - 1-LAN, 2-Bridge to LAN, 3/4 LAGG to Switch)
TIA!
-
Is this a NanoBSD installation or are you running a conventional full install on either a hard disk or SSD? Nano is a very different animal for packages and I do not recommend running Suricata or Snort on a NanoBSD install. Not enough disk space on the RAM Disks and the partitions are not always in R/W mode.
I have not tested on the 2.3.1-Development version, so I am not sure what versions it may be pulling in for the Suricata package files. They should be the same as production since the version number matches.
If you want to have a go at 2.3-RELEASE and then install Suricata there, that might be the best solution.
-
Not Nano - full standard install from .iso onto 90gb SSD.
Yes, I did a complete wipe and installed 2.3 Release, then set up pfBlockerNG and Suricata. I couldn't get Suricata to work at all. I disabled it, installed Snort, set up and it is working. Then, I upgraded to 2.3.1 Dev and it is still all working.
I think I may have the netmap issues going on. I'll wait until problem is solved before tackling Suricata again. Thank you for your help and your comments in other threads about issues with netmap.