OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: W0nderW0lf on August 06, 2020, 08:09:51 pm

Title: Suricata isn't working properly since 20.7
Post by: W0nderW0lf on August 06, 2020, 08:09:51 pm
Hello,

I have trouble getting Suricata running on a fresh installation.

I've tried many things so far, but none helped.

No rules are loading, but you can download, enable drop and activate the rule.

The logs and tests I tried:
Code:
root@heimdall:/usr/local/etc/suricata # cat /var/log/suricata.log
Aug  6 18:07:04 heimdall suricata[46670]: [100102] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  6 18:07:05 heimdall suricata[87016]: [100323] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 18:07:05 heimdall suricata[87016]: [100323] <Notice> -- all 1 packet processing threads, 4 management threads initialized, engine started.
Aug  6 18:07:18 heimdall suricata[87016]: [100323] <Notice> -- Signal Received.  Stopping engine.
Aug  6 18:07:18 heimdall suricata[87016]: [100323] <Notice> -- Stats for 'igb0':  pkts: 61, drop: 0 (0.00%), invalid chksum: 0
Aug  6 18:07:18 heimdall suricata[21384]: [100212] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  6 18:07:19 heimdall suricata[44602]: [100104] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 18:07:19 heimdall suricata[44602]: [100941] <Notice> -- opened netmap:igb0/R from igb0: 0x50b46499000
Aug  6 18:07:19 heimdall suricata[44602]: [100941] <Notice> -- opened netmap:igb0^ from igb0^: 0x50b46499300
Aug  6 18:07:19 heimdall suricata[44602]: [100950] <Notice> -- opened netmap:igb0^ from igb0^: 0x50b7075b000
Aug  6 18:07:20 heimdall suricata[44602]: [100950] <Notice> -- opened netmap:igb0/T from igb0: 0x50b7075b300
Aug  6 18:07:20 heimdall suricata[44602]: [100104] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
Aug  6 18:07:26 heimdall suricata[44602]: [100104] <Notice> -- rule reload starting
Aug  6 18:07:26 heimdall suricata[44602]: [100104] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 18:07:26 heimdall suricata[44602]: [100104] <Notice> -- rule reload complete
Aug  6 18:30:45 heimdall suricata[44602]: [100104] <Notice> -- Signal Received.  Stopping engine.
Aug  6 18:30:45 heimdall suricata[44602]: [100104] <Notice> -- Stats for 'igb0':  pkts: 96840, drop: 0 (0.00%), invalid chksum: 0
Aug  6 18:30:45 heimdall suricata[44602]: [100104] <Notice> -- Stats for 'igb0^':  pkts: 95180, drop: 0 (0.00%), invalid chksum: 0
Aug  6 18:32:40 heimdall suricata[23253]: [100190] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  6 18:32:41 heimdall suricata[56514]: [100179] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 18:32:41 heimdall suricata[56514]: [100194] <Notice> -- opened netmap:igb0/R from igb0: 0x217531fc000
Aug  6 18:32:41 heimdall suricata[56514]: [100194] <Notice> -- opened netmap:igb0^ from igb0^: 0x217531fc300
Aug  6 18:32:41 heimdall suricata[56514]: [100203] <Notice> -- opened netmap:igb0^ from igb0^: 0x2177da84000
Aug  6 18:32:41 heimdall suricata[56514]: [100203] <Notice> -- opened netmap:igb0/T from igb0: 0x2177da84300
Aug  6 18:32:41 heimdall suricata[56514]: [100179] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
Aug  6 19:21:22 heimdall suricata[56514]: [100179] <Notice> -- Signal Received.  Stopping engine.
Aug  6 19:21:22 heimdall suricata[56514]: [100179] <Notice> -- Stats for 'igb0':  pkts: 215473, drop: 0 (0.00%), invalid chksum: 0
Aug  6 19:21:22 heimdall suricata[56514]: [100179] <Notice> -- Stats for 'igb0^':  pkts: 208280, drop: 0 (0.00%), invalid chksum: 0
Aug  6 19:21:23 heimdall suricata[14372]: [100249] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  6 19:21:23 heimdall suricata[81950]: [100174] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 19:21:23 heimdall suricata[81950]: [100550] <Notice> -- opened netmap:igb0/R from igb0: 0x3ced0d59000
Aug  6 19:21:23 heimdall suricata[81950]: [100550] <Notice> -- opened netmap:igb0^ from igb0^: 0x3ced0d59300
Aug  6 19:21:24 heimdall suricata[81950]: [100560] <Notice> -- opened netmap:igb0^ from igb0^: 0x3cee5dfc000
Aug  6 19:21:24 heimdall suricata[81950]: [100560] <Notice> -- opened netmap:igb0/T from igb0: 0x3cee5dfc300
Aug  6 19:21:24 heimdall suricata[81950]: [100174] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
Aug  6 19:34:38 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:976 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:34:38 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:1659 uses unknown classtype: "pup-activity", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:34:38 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:1814 uses unknown classtype: "coin-mining", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:34:38 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2671 uses unknown classtype: "exploit-kit", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:34:38 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3170 uses unknown classtype: "targeted-activity", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:34:38 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3265 uses unknown classtype: "social-engineering", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:34:40 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:6006 uses unknown classtype: "external-ip-check", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:34:42 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10583 uses unknown classtype: "domain-c2", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:34:44 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:13130 uses unknown classtype: "credential-theft", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:37:38 heimdall suricata[16581]: [100255] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  6 19:37:38 heimdall suricata[16581]: [100255] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 19:37:38 heimdall suricata[16581]: [100255] <Notice> -- Configuration provided was successfully loaded. Exiting.
Aug  6 19:38:00 heimdall suricata[81950]: [100174] <Notice> -- Signal Received.  Stopping engine.
Aug  6 19:38:01 heimdall suricata[81950]: [100174] <Notice> -- Stats for 'igb0':  pkts: 6495, drop: 0 (0.00%), invalid chksum: 0
Aug  6 19:38:01 heimdall suricata[81950]: [100174] <Notice> -- Stats for 'igb0^':  pkts: 4359, drop: 0 (0.00%), invalid chksum: 0
Aug  6 19:38:01 heimdall suricata[74128]: [100218] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  6 19:38:01 heimdall suricata[34577]: [100118] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 19:38:02 heimdall suricata[34577]: [100712] <Notice> -- opened netmap:igb0/R from igb0: 0x7439affd000
Aug  6 19:38:02 heimdall suricata[34577]: [100712] <Notice> -- opened netmap:igb0^ from igb0^: 0x7439affd300
Aug  6 19:38:02 heimdall suricata[34577]: [100723] <Notice> -- opened netmap:igb0^ from igb0^: 0x743c5861000
Aug  6 19:38:02 heimdall suricata[34577]: [100723] <Notice> -- opened netmap:igb0/T from igb0: 0x743c5861300
Aug  6 19:38:02 heimdall suricata[34577]: [100118] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
Aug  6 19:40:15 heimdall suricata[34577]: [100118] <Notice> -- Signal Received.  Stopping engine.
Aug  6 19:40:16 heimdall suricata[34577]: [100118] <Notice> -- Stats for 'igb0':  pkts: 879, drop: 0 (0.00%), invalid chksum: 0
Aug  6 19:40:16 heimdall suricata[34577]: [100118] <Notice> -- Stats for 'igb0^':  pkts: 884, drop: 0 (0.00%), invalid chksum: 0
root@heimdall:/usr/local/etc/suricata # ps aux | grep suricata
root    53887   0.0  0.0 1060980   3200  0  R+   20:01    0:00.00 grep suricata
Code:
root@heimdall:/usr/local/etc/suricata # suricata -T
6/8/2020 -- 20:04:02 - <Info> - Running suricata under test mode
6/8/2020 -- 20:04:02 - <Info> - Including configuration file installed_rules.yaml.
6/8/2020 -- 20:04:02 - <Info> - Configuration node 'rule-files' redefined.
6/8/2020 -- 20:04:02 - <Info> - Including configuration file custom.yaml.
root@heimdall:/usr/local/etc/suricata #

I reinstalled Suricata, removed the yaml, stopped the service and tried to activate the rules that way ... nothing... It's unable to load the rules....
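A small log checker, added here as an example and not code from the thread, from OPNsense or from Suricata: it parses suricata.log lines in the layout shown above, groups them into engine runs (following the PID change the daemon makes right after printing its banner), and flags runs that reported SC_ERR_NO_RULES_LOADED or unknown classtypes, so a rule update that silently left the engine with zero rules shows up at a glance. The embedded sample is a trimmed copy of the posted log plus one constructed healthy run; the "N rules successfully loaded" line in that run is Suricata's Info-level rule-count message, which only reaches the file if the logging level includes Info, so that part is an assumption about the logging setup rather than something the thread shows.

```python
"""Scan a Suricata log for engine starts that loaded no rules."""
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Line layout as it appears in /var/log/suricata.log in the post:
#   Aug  6 18:07:05 heimdall suricata[87016]: [100323] <Warning> -- message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ suricata\[(?P<pid>\d+)\]: "
    r"\[\d+\] <(?P<level>\w+)> -- (?P<msg>.*)$"
)
BANNER_RE = re.compile(r"^This is Suricata version (?P<ver>\S+)")
NO_RULES_RE = re.compile(r"SC_ERR_NO_RULES_LOADED")
LOADED_RE = re.compile(r"(?P<n>\d+) rules successfully loaded, (?P<f>\d+) rules failed")
CLASSTYPE_RE = re.compile(r'uses unknown classtype: "(?P<ct>[^"]+)"')
TEST_EXIT_RE = re.compile(r"Configuration provided was successfully loaded\. Exiting\.")

# Constructed sample: the first lines of the posted log, the classtype warnings,
# the test-mode run, and one made-up healthy run (PIDs 9000x are invented).
SAMPLE_LOG = """\
Aug  6 18:07:04 heimdall suricata[46670]: [100102] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  6 18:07:05 heimdall suricata[87016]: [100323] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 18:07:05 heimdall suricata[87016]: [100323] <Notice> -- all 1 packet processing threads, 4 management threads initialized, engine started.
Aug  6 19:34:38 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:976 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:34:38 heimdall suricata[69483]: [100090] <Warning> -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:1659 uses unknown classtype: "pup-activity", using default priority 3. This message won't be shown again for this classtype
Aug  6 19:37:38 heimdall suricata[16581]: [100255] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  6 19:37:38 heimdall suricata[16581]: [100255] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 19:37:38 heimdall suricata[16581]: [100255] <Notice> -- Configuration provided was successfully loaded. Exiting.
Aug  7 08:00:00 heimdall suricata[90001]: [100300] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  7 08:00:03 heimdall suricata[90002]: [100300] <Info> -- 1 rule files processed. 25890 rules successfully loaded, 0 rules failed
Aug  7 08:00:04 heimdall suricata[90002]: [100300] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
"""


@dataclass
class EngineRun:
    started: str
    version: str
    pids: Set[str]
    banner: bool = True                  # False: PID whose banner was never logged
    rules_loaded: Optional[int] = None   # None: no rule-count message seen at all
    rules_failed: int = 0
    unknown_classtypes: List[str] = field(default_factory=list)
    test_mode: bool = False              # 'suricata -T': loads config and exits
    engine_started: bool = False

    @property
    def status(self) -> str:
        if self.rules_loaded is None:
            return "UNKNOWN"
        return "NO_RULES" if self.rules_loaded == 0 else "OK"


def parse_suricata_log(text: str) -> List[EngineRun]:
    runs: List[EngineRun] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        b = BANNER_RE.match(msg)
        if b:
            runs.append(EngineRun(started=m["ts"], version=b["ver"], pids={pid}))
            continue
        run = next((r for r in reversed(runs) if pid in r.pids), None)
        if run is None and runs and runs[-1].banner and len(runs[-1].pids) == 1:
            # The daemon forks right after printing its banner, so the first
            # line under a banner that carries a new PID belongs to that run.
            run = runs[-1]
            run.pids.add(pid)
        if run is None:
            # Messages from a process with no banner (e.g. a rule-load pass):
            # keep them as their own run instead of dropping them.
            run = EngineRun(started=m["ts"], version="unknown", pids={pid}, banner=False)
            runs.append(run)
        if NO_RULES_RE.search(msg):
            run.rules_loaded = 0
        elif (ld := LOADED_RE.search(msg)):
            run.rules_loaded, run.rules_failed = int(ld["n"]), int(ld["f"])
        elif (ct := CLASSTYPE_RE.search(msg)):
            run.unknown_classtypes.append(ct["ct"])
        elif TEST_EXIT_RE.search(msg):
            run.test_mode = True
        elif msg.endswith("engine started."):
            run.engine_started = True
    return runs


def summarize(runs: List[EngineRun]) -> List[str]:
    """One human-readable line per run, flagging the ones worth a look."""
    out = []
    for r in runs:
        line = f"{r.started} pid(s) {','.join(sorted(r.pids))} v{r.version}: {r.status}"
        if r.status == "OK":
            line += f" ({r.rules_loaded} rules, {r.rules_failed} failed)"
        if r.test_mode:
            line += " [test mode]"
        if r.engine_started:
            line += " [engine started]"
        if r.unknown_classtypes:
            line += " unknown classtypes: " + ", ".join(r.unknown_classtypes)
        out.append(line)
    return out


if __name__ == "__main__":
    # Usage: python3 check_suricata_log.py /var/log/suricata.log  (defaults to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(summarize(parse_suricata_log(text))))
```

Running it against the posted log would show every engine start on Aug 6 as NO_RULES with "[engine started]", which is the key point: the engine comes up and passes packets (the "Stats for 'igb0'" lines) while inspecting nothing, so a rule set that never loads is invisible unless something checks for it. The unknown-classtype warnings are a separate matter; as the log itself says, those signatures still load with default priority 3.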
Title: Re: Suricata isn't working properly since 20.7
Post by: FullyBorked on August 06, 2020, 10:05:21 pm
Of all the problems I've had with 20.7, getting rules loaded isn't one of them. Did you do the "download and update rules" on the download tab? I don't think simply enabling actually does anything until they are downloaded.
Title: Re: Suricata isn't working properly since 20.7
Post by: mimugmail on August 07, 2020, 06:08:51 am
Did you also enable the rules?