4. Snort 3.2.9.1_12 Suppression List Error

Snort 3.2.9.1_12 Suppression List Error

  • A

    Im trying to add an alert to the suppression list and I get this error:

    The following input errors were detected:
Suppress List 'wansuppress_5718cd2549663' is defined for this interface, but it could not be found!

    Happens when trying to add any alert to the suppression list by any method: Source IP, Destination IP or SID.

    Edit to Add: I should also say I just updated Snort from the last version to this current update of 3.2.9.1_12

    0

  • @AR15USR:

    Im trying to add an alert to the suppression list and I get this error:

    The following input errors were detected:
Suppress List 'wansuppress_5718cd2549663' is defined for this interface, but it could not be found!

    Happens when trying to add any alert to the suppression list by any method: Source IP, Destination IP or SID.

    Edit to Add: I should also say I just updated Snort from the last version to this current update of 3.2.9.1_12

    First question:  was this working prior to the upgrade to version 3.2.9.1_12 of the package?  Had you added suppress list entries successfully since you have been on the 2.3 version of pfSense?

    Next, go to the INTERFACE SETTINGS tab and see which Suppress List is actually selected and showing in the drop-down selector.  See what other choices appear in the drop-down.  If you see the list from the error message, select it and save the change using the button at the bottom of the page.

    Post back here if things do not get sorted out.

    Bill

    0
  • A

    First question:  was this working prior to the upgrade to version 3.2.9.1_12 of the package?

    Yes

    Had you added suppress list entries successfully since you have been on the 2.3 version of pfSense?

    I had added some as for testing, and subsequently removed them. There were none in the list at the time of upgrade.

    Next, go to the INTERFACE SETTINGS tab and see which Suppress List is actually selected and showing in the drop-down selector.  See what other choices appear in the drop-down.

    Nothing appeared in the drop down except "default".

    I ended up going through the tabs and saving even if not changing settings. I stopped/restarted the service as well as the Snort WAN Interface. I also uninstalled Squid which I wasn't using at the moment.

    In the end it started working again, not sure exactly which thing got it going but something did. I've since suppressed by IP on a couple of alerts and they added to that same list fine. So it seems to be working now.

    0

  • There was a bug in the Suppress List code early on immediately after the initial Bootstrap version of the package was released.  It was eventually fixed, but it is possible it caused some junk to be left behind in your configuration.

    Bill

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy