Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort 3.2.9.1_12 Suppression List Error

    Scheduled Pinned Locked Moved IDS/IPS
    4 Posts 2 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AR15USR
      last edited by

      Im trying to add an alert to the suppression list and I get this error:

      The following input errors were detected:
      Suppress List 'wansuppress_5718cd2549663' is defined for this interface, but it could not be found!
      

      Happens when trying to add any alert to the suppression list by any method: Source IP, Destination IP or SID.

      Edit to Add: I should also say I just updated Snort from the last version to this current update of 3.2.9.1_12


      2.6.0-RELEASE

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        @AR15USR:

        Im trying to add an alert to the suppression list and I get this error:

        The following input errors were detected:
        Suppress List 'wansuppress_5718cd2549663' is defined for this interface, but it could not be found!
        

        Happens when trying to add any alert to the suppression list by any method: Source IP, Destination IP or SID.

        Edit to Add: I should also say I just updated Snort from the last version to this current update of 3.2.9.1_12

        First question:  was this working prior to the upgrade to version 3.2.9.1_12 of the package?  Had you added suppress list entries successfully since you have been on the 2.3 version of pfSense?

        Next, go to the INTERFACE SETTINGS tab and see which Suppress List is actually selected and showing in the drop-down selector.  See what other choices appear in the drop-down.  If you see the list from the error message, select it and save the change using the button at the bottom of the page.

        Post back here if things do not get sorted out.

        Bill

        1 Reply Last reply Reply Quote 0
        • A
          AR15USR
          last edited by

          First question:  was this working prior to the upgrade to version 3.2.9.1_12 of the package?

          Yes

          Had you added suppress list entries successfully since you have been on the 2.3 version of pfSense?

          I had added some as for testing, and subsequently removed them. There were none in the list at the time of upgrade.

          Next, go to the INTERFACE SETTINGS tab and see which Suppress List is actually selected and showing in the drop-down selector.  See what other choices appear in the drop-down.

          Nothing appeared in the drop down except "default".

          I ended up going through the tabs and saving even if not changing settings. I stopped/restarted the service as well as the Snort WAN Interface. I also uninstalled Squid which I wasn't using at the moment.

          In the end it started working again, not sure exactly which thing got it going but something did. I've since suppressed by IP on a couple of alerts and they added to that same list fine. So it seems to be working now.


          2.6.0-RELEASE

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by

            There was a bug in the Suppress List code early on immediately after the initial Bootstrap version of the package was released.  It was eventually fixed, but it is possible it caused some junk to be left behind in your configuration.

            Bill

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.