Text only | Text with Images

OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: jlab on January 29, 2023, 08:14:08 PM

Title: OPNSense 23.1 suricata Keeps stopping.
Post by: jlab on January 29, 2023, 08:14:08 PM
Using 23.1 suricata will run for a bit, then just stop. Anything to obviously start looking at ?
Title: Re: OPNSense 23.1 suricata Keeps stopping.
Post by: mimugmail on January 29, 2023, 11:00:20 PM
Any logs via console?
Title: Re: OPNSense 23.1 suricata Keeps stopping.
Post by: jlab on January 29, 2023, 11:15:55 PM
Quote from: mimugmail on January 29, 2023, 11:00:20 PM
Any logs via console?

I actually figured it out, since it was a test box, I installed 22.7 & updated, it did the same thing.

If i enable EVERY Rule Set, it causes issues.  Even on another box thats 200x more powerfull.
Title: Re: OPNSense 23.1 suricata Keeps stopping.
Post by: mimugmail on January 30, 2023, 06:08:48 AM
Better choose them wisely :)
Title: Re: OPNSense 23.1 suricata Keeps stopping.
Post by: endurance on February 05, 2023, 11:17:23 AM
For me surricata causes 100% on surricata and unbound as well after upgrade to 23.1. This even wo any rule activated
https://forum.opnsense.org/index.php?topic=32322.0

if there are any tipps to troubleshoot the behaviour it would be great.
Title: Re: OPNSense 23.1 suricata Keeps stopping.
Post by: kinch on February 11, 2023, 12:29:27 PM
similar issue with suricata after upgrade to 23.1_6. Suricata all rulesets are downloaded without ET PRO.
After boot opnsense successfully and everthing works fine, i have a disconnect on WAN after 5 mins(where is suricata running on) for around 5-10 seconds. this disconnct just happend once after ervery reboot after a uptime from around 5 min. After that, it runs for hours without issues.

edit: mb its bc suricata service starts a little bit delayed and when the service starts, its shutdown the WAN interface for a coupe of seconds.
Text only | Text with Images