1
Intrusion Detection and Prevention / Activating IDS looses network connection
« on: November 02, 2019, 06:13:17 pm »
Hi.
I'm new to OPNsense - very very impressed, and donation sent
I've been running OPNsense for about a week without issues, during this time IDS also has been working fine.
Unsure if its related, but yesterday i installed Sensei - and the OPN lost network connection - i was unable to log on to the webgui at all (of course).
Switching to the console monitor directly on the OPN hardware there was thousands of these flowing over the screen:
[1766] netmap_ring_init called for em2 RX1
[1721] nm rxsync prologue
I was struggling since these messages occupied the whole screen while scrolling.
Rebooting the FW i was able to ping internet from my pc a couple of seconds before the messages broke loose again - blocking me out.
"blinded" i logged on to the console - typed "service suricata stop".
All communication returned to normal.
Starting suricata service - all error messages returned.
I'm now running with IDS deactivated.
Question:
Are there conflicts running IDS and Sensei together - could that be the fault i made?
PS: The IDS log-file has a lot of these, when i try to activate it:
suricata[67911]: [100552] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'em2': (0u) No error: 0
Any advice or tips are appreciated
Today i upgraded to 19.7.6 - issue unresolved.
I'm new to OPNsense - very very impressed, and donation sent
I've been running OPNsense for about a week without issues, during this time IDS also has been working fine.
Unsure if its related, but yesterday i installed Sensei - and the OPN lost network connection - i was unable to log on to the webgui at all (of course).
Switching to the console monitor directly on the OPN hardware there was thousands of these flowing over the screen:
[1766] netmap_ring_init called for em2 RX1
[1721] nm rxsync prologue
I was struggling since these messages occupied the whole screen while scrolling.
Rebooting the FW i was able to ping internet from my pc a couple of seconds before the messages broke loose again - blocking me out.
"blinded" i logged on to the console - typed "service suricata stop".
All communication returned to normal.
Starting suricata service - all error messages returned.
I'm now running with IDS deactivated.
Question:
Are there conflicts running IDS and Sensei together - could that be the fault i made?
PS: The IDS log-file has a lot of these, when i try to activate it:
suricata[67911]: [100552] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'em2': (0u) No error: 0
Any advice or tips are appreciated
Today i upgraded to 19.7.6 - issue unresolved.