OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: TomK on September 03, 2020, 02:36:50 am

Title: netflow traffic graphing not working
Post by: TomK on September 03, 2020, 02:36:50 am: Since I enabled ids/ips the traffic on the interfaces chosen is no longer graphing on the netflow traffic graph.

Any way to have both ids/ips and graphing?

OPNsense 20.7.2
Suricata 5.0.3 running in system mode
Title: Re: netflow traffic graphing not working
Post by: Wyka on November 27, 2020, 08:28:02 am: OPNsense Java jar file domyhomeworkonline.net (https://domyhomeworkonline.net/do-my-java-homework.php)

Hello,

Have you tried to configure Suricata for both IPS and IDS on different set of network ports?
Here's the topic on the suricata forum:

https://forum.suricata.io/t/suricata-configuration-for-ips-and-ids-mode/173
Title: Re: netflow traffic graphing not working
Post by: Wyka on November 27, 2020, 08:28:48 am: Btw, I also used Bro (Zeek) and then Snort a couple of months ago.
I upgraded Suricata to 20.7 and received an error message: Error re configuring the IDS : Error (99) It was related to the Netmap issues, as it turned out.
Title: Re: netflow traffic graphing not working
Post by: mimugmail on November 27, 2020, 08:50:19 am: Quote from: TomK on September 03, 2020, 02:36:50 am
Since I enabled ids/ips the traffic on the interfaces chosen is no longer graphing on the netflow traffic graph.

Any way to have both ids/ips and graphing?

OPNsense 20.7.2
Suricata 5.0.3 running in system mode

Known issue since 20.7, it only works on interfaces without netmap (Sensei, Suricata)
Title: Re: netflow traffic graphing not working
Post by: axel2078 on December 11, 2020, 04:42:34 pm: Quote from: mimugmail on November 27, 2020, 08:50:19 am
Quote from: TomK on September 03, 2020, 02:36:50 am
Since I enabled ids/ips the traffic on the interfaces chosen is no longer graphing on the netflow traffic graph.

Any way to have both ids/ips and graphing?

OPNsense 20.7.2
Suricata 5.0.3 running in system mode

Known issue since 20.7, it only works on interfaces without netmap (Sensei, Suricata)

Is this a bug in OPNsense, or somewhere else? Is it something that can be fixed?
Title: Re: netflow traffic graphing not working
Post by: mimugmail on December 11, 2020, 05:21:02 pm: It's not a bug, it's a known issue.
Title: Re: netflow traffic graphing not working
Post by: xalib on December 17, 2020, 12:35:06 pm: Quote from: mimugmail on December 11, 2020, 05:21:02 pm
It's not a bug, it's a known issue.

Does this mean it will get fixed in the future?

Is there a workaround?
Title: Re: netflow traffic graphing not working
Post by: mimugmail on December 17, 2020, 03:48:58 pm: Workaround is to disable IPS/Sensei on the interface where you want to catch graphs, like switching from WAN to LAN.

There may be a fix out one day, but noone is working on it at high pressure
Title: Re: netflow traffic graphing not working
Post by: Matriciel on December 23, 2020, 11:59:27 am: shame ... it is a problem form me ....