Hello All,
Under IDS/Administration/Alerts, the logs are rotating but show empty since the upgrade to 19.1 (system was rock solid before the upgrade).
The /var/log/suricata/eve.json files are empty; the stats.log accumulates the starts as normal.
So far, I've restarted the service, deactivated syslog and re-activated it.
Under the IDS/Log file I see those errors:
ERRCODE: SC_WARN_FLOWBIT(306)
Any help is appreciated.
Jon
Hello,
Try to deactivate Snort VRT rules.
I was using the 29120 version, and it seems Suricata does not love it.
Since giving up Snort rules, no more ERRCODE: SC_WARN_FLOWBIT(306) and Suricata just works well.
Bertrand
I have the same issue and I don't have the Snort rules even installed. I'm using the ET Telemetry edition with a couple of the OPNsense rules.
No error in the log for Suricata either that I could see. I even tried causing some alerts by using the OPNsense social media ruleset and it won't pick up anything in the log either.
Only using some abuse and some ET for rulesets. So no snort here either.
I'm surprised this thread went quiet because I'm still not seeing alerts on 19.1.2, except for "ET INFO Session Traversal Utilities for NAT (STUN Binding Request)". That's the only thing I saw all of Feb, while usually I see a lot of activity in the alerts list.
Using ET Telemetry and abuse.ch rules, tried both Aho-Corasick and Hyperscan, no difference.
Did it start working for the other people that posted here?
Still broken here. Since there are so few answers, I'll probably do a fresh install over a weekend and restore my backup. I suspect it may not impact everyone so likely something got weird in the upgrade process to 19.
I'll follow up on my post when/if I have a resolution.
Sol
I just noticed the same behavior, tried reinstalling but nothing changed.
Same issue here, also started a thread: https://forum.opnsense.org/index.php?topic=11901.0
br
Still didn't have time to get around to doing an upgrade.
My setup does not use PPPoE, it's plain Ethernet from the modem so IPS should be working.
Sol