Messages

1

20.7 Legacy Series / Suricata causes HA Carp VIP failover

« on: December 23, 2020, 12:58:23 pm »

I was trying to find out why every day I get a CARP failover and finally figured out that it happens right after Suricata rules are download and suricata (Promiscuous-Mode) is restarted (stopped part of it specifically I think).  The firewalls failover to the secondary and then not back again.  This happens on the two OPNsense 20.7.7_1-amd64 cluster systems that I have installed on hardware platforms (dell).

Suricata is in IPS Mode

2

Intrusion Detection and Prevention / Re: Error reconfiguring IDS: Error (1) / Hyperscan: Error installing ids rules (1)

« on: September 27, 2020, 01:29:07 am »

I updated to 7.3

The problem is still not corrected. There are errors when updating Suricata rules.

It there any solution?

3

Intrusion Detection and Prevention / Re: Error reconfiguring IDS: Error (1) / Hyperscan: Error installing ids rules (1)

« on: September 05, 2020, 07:21:48 pm »

Any fixes for this error?

4

Intrusion Detection and Prevention / Re: Error reconfiguring IDS: Error (1) / Hyperscan: Error installing ids rules (1)

« on: September 03, 2020, 10:40:41 am »

New Error Message

5

Intrusion Detection and Prevention / Re: Error reconfiguring IDS: Error (1) / Hyperscan: Error installing ids rules (1)

« on: September 03, 2020, 09:36:45 am »

i tried to uncheck all interfaces and checkt again but the error still exists

6

Intrusion Detection and Prevention / Re: Error reconfiguring IDS: Error (1) / Hyperscan: Error installing ids rules (1)

« on: September 02, 2020, 08:40:50 am »

Same problem

7

Intrusion Detection and Prevention / Re: Suricata Error (1) when Downloading the Rules

« on: September 02, 2020, 08:39:19 am »

You can see in the screenshot that the service is running.

8

Intrusion Detection and Prevention / Re: Suricata Error (1) when Downloading the Rules

« on: September 02, 2020, 08:33:31 am »

Still same Error and nothing in the logs

9

Intrusion Detection and Prevention / Suricata Error (1) when Downloading the Rules

« on: September 02, 2020, 12:17:41 am »

I became Suricata Error (1) when i try to download the actual rules.

10

20.7 Legacy Series / Re: IDS/IPS Restart / Reboot /Rule Change

« on: September 01, 2020, 05:45:39 pm »

I have set "ET SCAN Suspicious inbound to MSSQL port 1433" to Alarm only.
Butt the Suricata is still blocking. What must i make after change Rules / Rulesets.

Suricata doesnt use the new Rules.

I have already the Apply Button on Rules and also the Download and apply button. 

11

20.7 Legacy Series / Re: IDS/IPS Restart / Reboot /Rule Change

« on: September 01, 2020, 10:15:02 am »

No body an Idea?

12

20.7 Legacy Series / IDS/IPS Restart / Reboot /Rule Change

« on: August 31, 2020, 06:44:55 pm »

Does the Suricata service have to restart or does the firewall have to be completely restarted?

I change rules and they don't work until I restart everything

13

20.1 Legacy Series / NtopNG Error since Update (OPNsense 20.1.8_1-amd64)

« on: July 07, 2020, 06:17:40 pm »

We have NtopNG Error since Update (OPNsense 20.1.8_1-amd64) is there an fix? Or how to fix?

2020-07-07T18:09:00   ntopng: [LuaEngine.cpp:12141] WARNING: Script failure [/usr/local/share/ntopng/scripts/callbacks/system/housekeeping.lua][/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:142: attempt to index a nil value (field 'alert_type')]
2020-07-07T18:00:00   ntopng: [host.lua:8] [alert_consts.lua:207] ERROR: Missing required field 'alert_key' in /var/db/ntopng/plugins0/alert_definitions/alert_request_reply_ratio.lua
2020-07-07T18:00:00   ntopng: [system.lua:8] [alert_consts.lua:207] ERROR: Missing required field 'alert_key' in /var/db/ntopng/plugins0/alert_definitions/alert_slow_purge.lua
2020-07-07T17:56:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/host.lua] [/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:321: attempt to index a nil value (field 'alert_type')]
2020-07-07T17:56:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/host.lua] [/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:321: attempt to index a nil value (field 'alert_type')]
2020-07-07T17:56:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/host.lua] [/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:321: attempt to index a nil value (field 'alert_type')]
2020-07-07T17:56:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/host.lua] [/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:321: attempt to index a nil value (field 'alert_type')]
2020-07-07T17:45:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/host.lua] [/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:321: attempt to index a nil value (field 'alert_type')]
2020-07-07T17:45:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/host.lua] [/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:321: attempt to index a nil value (field 'alert_type')]
2020-07-07T17:45:00   ntopng: [host.lua:8] [alert_consts.lua:207] ERROR: Missing required field 'alert_key' in /var/db/ntopng/plugins0/alert_definitions/alert_user_activity.lua
2020-07-07T17:45:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/host.lua] [/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:321: attempt to index a nil value (field 'alert_type')]
2020-07-07T17:45:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/host.lua] [/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:321: attempt to index a nil value (field 'alert_type')]
2020-07-07T17:45:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/host.lua] [/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:321: attempt to index a nil value (field 'alert_type')]
2020-07-07T17:45:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/host.lua] [/usr/local/share/ntopng/scripts/lua/modules/alerts_api.lua:321: attempt to index a nil value (field 'alert_type')]
2020-07-07T17:12:00   ntopng: [minute.lua:11] [alert_consts.lua:207] ERROR: Missing required field 'alert_key' in /var/db/ntopng/plugins0/alert_definitions/alert_host_pool_disconnection.lua
2020-07-07T17:12:00   ntopng: [minute.lua:11] [alert_consts.lua:207] ERROR: Missing required field 'alert_key' in /var/db/ntopng/plugins0/alert_definitions/alert_quota_exceeded.lua
2020-07-07T17:11:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/flow.lua] [.../local/share/ntopng/scripts/callbacks/interface/flow.lua:444: attempt to index a nil value (local 'flow_status_type')]
2020-07-07T17:11:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/flow.lua] [.../local/share/ntopng/scripts/callbacks/interface/flow.lua:444: attempt to index a nil value (local 'flow_status_type')]
2020-07-07T17:11:00   ntopng: [AlertCheckLuaEngine.cpp:167] WARNING: Script failure[/usr/local/share/ntopng/scripts/callbacks/interface/flow.lua] [.../local/share/ntopng/scripts/callbacks/interface/flow.lua:444: attempt to index a nil value (local 'flow_status_type')]

14

20.1 Legacy Series / Port Forwarding/NAT for Nginx

« on: May 24, 2020, 03:00:03 pm »

How do I have to set up the NAT for Nginx on the OPNsense? Must port forwarding (RDR) have to look at the firewall itself?

Or how is this to be set up correctly?

15

20.1 Legacy Series / Re: Problem with Carp / Gatewaymonitoring and Suricata

« on: May 13, 2020, 04:42:49 pm »

OPNsense1-1.log in Attachment