OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: W0nderW0lf on August 05, 2020, 04:40:43 PM

Title: Suricata not loading rules!
Post by: W0nderW0lf on August 05, 2020, 04:40:43 PM
Hello,

Since upgrading to 20.7 I realised that Suricata is running as a service, but no rule is working. There are no intrusion warnings. I can only see this in suricata.log:

Aug  5 16:30:28 heimdall suricata[41433]: [100169] <Notice> -- Stats for 'igb0^':  pkts: 160244, drop: 0 (0.00%), invalid chksum: 0
Aug  5 16:30:28 heimdall suricata[457]: [100166] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  5 16:30:28 heimdall suricata[77385]: [100178] <Warning> -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/opnsense.rules/suricata.rules
Aug  5 16:30:28 heimdall suricata[77385]: [100178] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  5 16:30:29 heimdall suricata[77385]: [101308] <Notice> -- opened netmap:igb0/R from igb0: 0x331cd226000
Aug  5 16:30:29 heimdall suricata[77385]: [101308] <Notice> -- opened netmap:igb0^ from igb0^: 0x331cd226300
Aug  5 16:30:29 heimdall suricata[77385]: [101314] <Notice> -- opened netmap:igb0^ from igb0^: 0x331cd3fd000
Aug  5 16:30:29 heimdall suricata[77385]: [101314] <Notice> -- opened netmap:igb0/T from igb0: 0x331cd3fd300
Aug  5 16:30:29 heimdall suricata[77385]: [100178] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.

This file doesn't exist at all: /usr/local/etc/suricata/opnsense.rules/suricata.rules

If I try to download and activate the rules again, I receive this message: Error re configuring the IDS : Error (99)
Any idea what's going on?
Title: Re: Suricata not loading rules!
Post by: W0nderW0lf on August 06, 2020, 07:24:16 PM
I still need help. Anybody here with an idea?

That already worked with 20.1.

I reinstalled OPNsense with default settings to see how it behaves without restoring from backup.

Still same result:

M mode
Aug  6 18:32:41 heimdall suricata[56514]: [100179] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 18:32:41 heimdall suricata[56514]: [100194] <Notice> -- opened netmap:igb0/R from igb0: 0x217531fc000
Aug  6 18:32:41 heimdall suricata[56514]: [100194] <Notice> -- opened netmap:igb0^ from igb0^: 0x217531fc300
Aug  6 18:32:41 heimdall suricata[56514]: [100203] <Notice> -- opened netmap:igb0^ from igb0^: 0x2177da84000
Aug  6 18:32:41 heimdall suricata[56514]: [100203] <Notice> -- opened netmap:igb0/T from igb0: 0x2177da84300
Aug  6 18:32:41 heimdall suricata[56514]: [100179] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
Aug  6 19:21:22 heimdall suricata[56514]: [100179] <Notice> -- Signal Received.  Stopping engine.
Aug  6 19:21:22 heimdall suricata[56514]: [100179] <Notice> -- Stats for 'igb0':  pkts: 215473, drop: 0 (0.00%), invalid chksum: 0
Aug  6 19:21:22 heimdall suricata[56514]: [100179] <Notice> -- Stats for 'igb0^':  pkts: 208280, drop: 0 (0.00%), invalid chksum: 0
Aug  6 19:21:23 heimdall suricata[14372]: [100249] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  6 19:21:23 heimdall suricata[81950]: [100174] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  6 19:21:23 heimdall suricata[81950]: [100550] <Notice> -- opened netmap:igb0/R from igb0: 0x3ced0d59000
Aug  6 19:21:23 heimdall suricata[81950]: [100550] <Notice> -- opened netmap:igb0^ from igb0^: 0x3ced0d59300
Aug  6 19:21:24 heimdall suricata[81950]: [100560] <Notice> -- opened netmap:igb0^ from igb0^: 0x3cee5dfc000
Aug  6 19:21:24 heimdall suricata[81950]: [100560] <Notice> -- opened netmap:igb0/T from igb0: 0x3cee5dfc300
Aug  6 19:21:24 heimdall suricata[81950]: [100174] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
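An added monitoring check, not code from the thread or from OPNsense: the log lines above show Suricata reporting SC_ERR_NO_RULES_LOADED and then still reaching "engine started", so the IDS is running with zero signatures and passing traffic uninspected. This Python script parses suricata.log lines in that format and flags any Suricata PID that started without rules, also pulling out the rule-file pattern that failed to match; the sample input is constructed from the log lines quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample: suricata.log lines copied from the forum post above.
SAMPLE_LOG = """\
Aug  5 16:30:28 heimdall suricata[457]: [100166] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Aug  5 16:30:28 heimdall suricata[77385]: [100178] <Warning> -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/opnsense.rules/suricata.rules
Aug  5 16:30:28 heimdall suricata[77385]: [100178] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Aug  5 16:30:29 heimdall suricata[77385]: [100178] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
"""

# syslog prefix "suricata[<pid>]: [<tid>] <Level> -- <message>"
LINE_RE = re.compile(r"suricata\[(?P<pid>\d+)\]: \[\d+\] <(?P<level>\w+)> -- (?P<msg>.*)$")
# Suricata 5.x error format "[ERRCODE: SC_ERR_X(n)] - detail"
ERRCODE_RE = re.compile(r"\[ERRCODE: (?P<code>SC_ERR_[A-Z_]+)\(\d+\)\] - (?P<detail>.*)")
PATTERN_RE = re.compile(r"No rule files match the pattern (?P<path>\S+)")


def audit_suricata_log(text):
    """Return per-PID state: did the engine start, were rules loaded, which
    ERRCODEs appeared, and which rule-file pattern (if any) matched nothing.
    started=True with rules_loaded=False is a fail-open condition to alert on."""
    state = defaultdict(lambda: {"started": False, "rules_loaded": True,
                                 "errors": [], "missing_pattern": None})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a Suricata log line
        st = state[m["pid"]]
        msg = m["msg"]
        e = ERRCODE_RE.match(msg)
        if e:
            st["errors"].append(e["code"])
            if e["code"] == "SC_ERR_NO_RULES_LOADED":
                st["rules_loaded"] = False
            p = PATTERN_RE.search(e["detail"])
            if p:
                st["missing_pattern"] = p["path"]
        elif msg.endswith("engine started."):
            st["started"] = True
    return dict(state)


def blind_engines(text):
    """PIDs that reached 'engine started' without a single rule loaded."""
    return sorted(pid for pid, st in audit_suricata_log(text).items()
                  if st["started"] and not st["rules_loaded"])


if __name__ == "__main__":
    for pid in blind_engines(SAMPLE_LOG):
        info = audit_suricata_log(SAMPLE_LOG)[pid]
        print(f"ALERT: suricata pid {pid} running with no rules; missing pattern: {info['missing_pattern']}")
```

Feeding the real /var/log/suricata.log to audit_suricata_log() gives a simple cron or monitoring check that the IDS has not silently fallen open after an upgrade or rule download failure.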