OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: Julien on June 21, 2021, 01:36:12 am
-
Hi guys,
I hope someone can point me in the right direction. I've been using IDS for over 2 years.
Last day we updated the box to 21.1.7; since then Suricata keeps crashing with the log below.
It stops the service and I have to start it manually.
Thank you.
2021-06-21T01:34:42 suricata[35325] [100280] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
2021-06-21T01:34:42 suricata[35325] [101369] <Notice> -- opened netmap:em0/T from em0: 0x3e8cf080300
2021-06-21T01:34:42 suricata[35325] [101369] <Notice> -- opened netmap:em0^ from em0^: 0x3e8cf080000
2021-06-21T01:34:42 suricata[35325] [100225] <Notice> -- opened netmap:em0^ from em0^: 0x3e8ce0af300
2021-06-21T01:34:41 suricata[35325] [100225] <Notice> -- opened netmap:em0/R from em0: 0x3e8ce0af000
2021-06-21T01:33:42 suricata[35325] [100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
2021-06-21T01:33:42 suricata[35325] [100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.http.binary' is checked but not set. Checked in 2820208 and 0 other sigs
2021-06-21T01:33:42 suricata[35325] [100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
2021-06-21T01:33:42 suricata[35325] [100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
2021-06-21T01:33:42 suricata[35325] [100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 0 other sigs
2021-06-21T01:33:42 suricata[35325] [100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 2 other sigs
2021-06-21T01:33:13 suricata[21102] [100286] <Notice> -- This is Suricata version 5.0.6 RELEASE running in SYSTEM mode
2021-06-20T03:01:09 suricata[29540] [100253] <Notice> -- rule reload complete
2021-06-20T03:00:39 suricata[29540] [100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
2021-06-20T03:00:39 suricata[29540] [100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.http.binary' is checked but not set. Checked in 2820208 and 0 other sigs
2021-06-20T03:00:39 suricata[29540] [100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
2021-06-20T03:00:39 suricata[29540] [100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
2021-06-20T03:00:39 suricata[29540] [100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 0 other sigs
2021-06-20T03:00:39 suricata[29540] [100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 2 other sigs
2021-06-20T03:00:08 suricata[29540] [100253] <Notice> -- rule reload starting
-
Anyone got an idea why this is happening?
The IDS keeps shutting itself down.
-
Development Stream?
-
Development Stream?
If you mean am I running a development firmware, no.
It's too bad there is no documentation anywhere here on how to configure this thing.
-
Can anyone here advise why it keeps crashing when I enable it?