OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: Free_Norway on September 09, 2017, 11:10:53 am
-
Hi all
First I want to thank the OPNsense Team for the excellent work they are doing, this is an amazing product.
I have a problem with suricata.
After some small changes in the configuration (don't really remember what I changed), suricata doesn't want to start.
I have tried disabling it and rebooting, changing the settings back and forth, reinstalling suricata....
but nothing helps.
When I try to start it from the GUI, the following lines appear in the log:
Sep 9 11:08:08 configd.py: [f7917fa0-b5e3-4953-8317-1094d29ece73] returned exit status 1
Sep 9 11:08:08 root: /usr/local/etc/rc.d/suricata: WARNING: failed to start suricata
Sep 9 11:08:08 configd.py: [f7917fa0-b5e3-4953-8317-1094d29ece73] start suricata daemon
Since I'm no expert, I really don't know what it means.
Help please! :)
-
This tells nothing useful. Can you try to run suricata from the command line? Maybe it shows an error message.
-
Hi Fabian
Thanks for the reply.
I'm not sure this is the right command, but it produced the same output
#service suricata restart
suricata not running? (check /var/run/suricata.pid).
Starting suricata.
9/9/2017 -- 12:13:31 - <Info> - Including configuration file installed_rules.yaml.
/usr/local/etc/rc.d/suricata: WARNING: failed to start suricata
Are there other commands I can try?
Regards
Seb
-
In the IDS GUI the button "download & update rules" should fix this.
It's trying to load rules that are not installed.
Cheers,
Franco
-
Tried, but it's still the same.
Is it possible to reset/delete things in the suricata folder to trigger the creation of new files?
-
Does this also happen when you uncheck all rulesets and apply?
-
Still the same result.
All I have tried doesn't help.
-
Since it's a VM, I did a new install to fix the problem.
I did encounter the same problem once more after an unclean shutdown.
Maybe that was the problem.
-
I have exactly the same problem, what should I do to solve it without reinstalling?
-
Sep 13 20:04:58 configd.py: [bb017f81-26c1-45ae-8da5-5808c6bbb58b] returned exit status 1
Sep 13 20:04:58 root: /usr/local/etc/rc.d/suricata: WARNING: failed to start suricata
Sep 13 20:04:58 configd.py: [bb017f81-26c1-45ae-8da5-5808c6bbb58b] start suricata daemon
Sep 13 20:04:57 configd.py: [445854f1-64f9-4d4a-8b6d-cdec3b8d848f] request pfctl byte/packet counters
Sep 13 20:04:43 configd.py: [cf60e5e4-afcf-4ba0-b5dd-88b8d0f1b298] request installable rules
Sep 13 20:04:43 configd.py: [cabead5f-9c8e-494f-ad01-b6b0e14e56bd] request installable rules
Sep 13 20:04:41 configd.py: [374cd2e9-4508-4e01-87fb-5315de5f0683] get suricata daemon status
-
I had the problem after an unclean shutdown - the pid file didn't get deleted / or was still there and suricata refused to start.
After deleting the file /var/run/suricata.pid it worked again.
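-
Added example, not part of the original thread: a shell function for the fix described above, which removes /var/run/suricata.pid only when it is stale instead of deleting it blindly. The function name clean_stale_pidfile and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide whether a daemon PID file is stale before removing it.
# Usage: clean_stale_pidfile <pidfile> <expected process name>
# Returns 0 when no PID file remains (absent, or stale and removed),
#         1 when the recorded PID is a live process that must be left alone.
clean_stale_pidfile() {
    pidfile=$1
    name=$2

    # Nothing to clean up.
    [ -e "$pidfile" ] || return 0

    # Read the first line only; an unclean shutdown can leave the file
    # empty or truncated.
    pid=$(head -n 1 "$pidfile" 2>/dev/null | tr -d '[:space:]')

    case "$pid" in
        ''|0|*[!0-9]*)
            # Not a usable PID, so it cannot refer to a running daemon.
            rm -f -- "$pidfile"
            return 0
            ;;
    esac

    # kill -0 sends no signal; it only tests that the PID exists and that we
    # may signal it. Run as root, otherwise another user's process looks dead.
    if kill -0 "$pid" 2>/dev/null; then
        # The PID may have been reused by an unrelated process after the
        # reboot, so compare the command name as well.
        comm=$(ps -p "$pid" -o comm= 2>/dev/null | tr -d '[:space:]')
        case "$comm" in
            ''|"$name"|*/"$name")
                # Expected daemon, or name unknown: be conservative, keep it.
                return 1
                ;;
        esac
    fi

    # PID is gone or belongs to something else: the file is stale.
    rm -f -- "$pidfile"
    return 0
}

# Example call on the firewall (as root):
#   clean_stale_pidfile /var/run/suricata.pid suricata && service suricata start
```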
-
Thanks, after removing the file it works again :)
-
Glad to hear it worked ;)
-
Incidentally, 17.7.2 now clears all of /var/run on boot so this should never happen again. Sorry for the hiccup!
Cheers,
Franco