OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Bytechanger on February 01, 2022, 07:34:21 am

Title: Error suricata after moving to VM - SC_ERR_INVALID_YAML_CONF_ENTRY(139)
Post by: Bytechanger on February 01, 2022, 07:34:21 am
Hi,

after moving OPNSense from PC to VM all works fine, but only one thing:
Intrusion Detection doesn´t  start, suricata shows following error:

2022-02-01T07:32:17   Error   suricata   [100526] <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - Invalid mpm algo supplied in the yaml conf file: "hs"

What´s the matter?

Greets

Byte
Title: Re: Error suricata after moving to VM - SC_ERR_INVALID_YAML_CONF_ENTRY(139)
Post by: Lost_Ones on February 14, 2022, 02:28:31 pm
Hello,

Did you end up getting this working?   I moved from qume/kvm to proxmox and I too was having an issue.  My settings for the Pattern Checker was Hyperscan, and when I moved it to the default Aho-Corasick I was back in business.

Regards,

Title: Re: Error suricata after moving to VM - SC_ERR_INVALID_YAML_CONF_ENTRY(139)
Post by: Bytechanger on February 14, 2022, 10:07:30 pm
Hyperscan worked after I set CPU-model from KVM64 to 'Host' and set AES on.
I think it will read out by suricata.

So all worked fine now.

Greets

Byte