Messages - ex2k3

#1
I was talking about the latest stable version, not the RC :)

I will investigate this further as soon as I find some time, and sure, I can post some screenshots.
I checked the processes via SSH of course, but not the files, since I don't know how they have to look.
#2
The "ERRCODE: SC_ERR_NO_RULES_LOADED(43)" only appears after upgrading to the latest version; before that I saw notifications.

I tried to load different rules, abuse.ch, changed from alert to block, used other rules, test rules, test viruses, nothing.

Before I posted I did a lot of searching in the forums, and I'm not new to this topic, sysadmin for over 20 years now.

I'm glad for any hint here; the next thing I'm gonna try is waiting for the next version and trying a fresh install.
(Everything else works fine, I have VPNs running as client, DHCP, NAT, you name it.)
Only this is giving me a hard time, coming from Sophos and switching many sites...
#3
Quote from: xames on January 23, 2019, 03:10:20 PM
I have IPS and IDS active with social media filter, but on any client PC I can connect to Facebook, then I think it's active but not working, why?

Exactly the same here, no alert, no block action (if set to drop).
#4
Same here:

Jan 19 10:22:47   suricata: [100163] <Notice> -- all 9 packet processing threads, 4 management threads initialized, engine started.
Jan 19 10:22:47   suricata: [100163] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Jan 19 10:22:46   suricata: [100345] <Notice> -- This is Suricata version 4.1.2 RELEASE
Jan 19 10:22:46   suricata: [100163] <Notice> -- Stats for 'igb1+': pkts: 1923, drop: 0 (0.00%), invalid chksum: 0
Jan 19 10:22:46   suricata: [100163] <Notice> -- Stats for 'igb1': pkts: 3955, drop: 0 (0.00%), invalid chksum: 0
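The lines above show the failure mode that matters to a defender: the engine reports "engine started", so the service looks healthy, while the warning on the line before says zero rules were loaded, so nothing is being inspected. The following is an added example, not code from this thread, from OPNsense or from the Suricata project; it parses syslog-style startup lines of the shape quoted above and reports whether the IDS is actually armed. The sample lines are constructed after the post, the dataclass and function names are mine, and the "N rules successfully loaded" message used for the healthy case is an assumed format.

```python
"""Startup-log health check for a Suricata instance.

Added example, not code from this thread, OPNsense or the Suricata project.
It folds syslog-style suricata lines into a small state object and answers
the defender's question: did the engine start AND load at least one rule?
An engine that reports SC_ERR_NO_RULES_LOADED keeps passing packets but
inspects them against nothing, so the check treats that as "not armed".
The sample logs, the dataclass and all function names are constructed for
this example; the "rules successfully loaded" message format is assumed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# "Jan 19 10:22:47   suricata: [100163] <Notice> -- message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+suricata:\s+"
    r"\[(?P<pid>\d+)\]\s+<(?P<level>\w+)>\s+--\s+(?P<msg>.*)$"
)
ERRCODE_RE = re.compile(r"\[ERRCODE:\s*(?P<name>\w+)\((?P<num>\d+)\)\]")
NO_RULES_RE = re.compile(r"(?P<files>\d+) rule files? specified, but no rule was loaded")
LOADED_RE = re.compile(r"(?P<n>\d+) rules successfully loaded")  # assumed message format
STATS_RE = re.compile(r"Stats for '(?P<iface>[^']+)': pkts: (?P<pkts>\d+), drop: (?P<drop>\d+)")

# Constructed sample, modelled on the lines quoted in the post (newest first, as pasted).
SAMPLE_LOG = """\
Jan 19 10:22:47   suricata: [100163] <Notice> -- all 9 packet processing threads, 4 management threads initialized, engine started.
Jan 19 10:22:47   suricata: [100163] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
Jan 19 10:22:46   suricata: [100345] <Notice> -- This is Suricata version 4.1.2 RELEASE
Jan 19 10:22:46   suricata: [100163] <Notice> -- Stats for 'igb1+': pkts: 1923, drop: 0 (0.00%), invalid chksum: 0
Jan 19 10:22:46   suricata: [100163] <Notice> -- Stats for 'igb1': pkts: 3955, drop: 0 (0.00%), invalid chksum: 0
"""

# Constructed "healthy" counterpart: same startup, but rules actually loaded (format assumed).
HEALTHY_LOG = """\
Jan 20 08:00:01   suricata: [2001] <Notice> -- This is Suricata version 4.1.2 RELEASE
Jan 20 08:00:02   suricata: [2001] <Info> -- 1 rule files processed. 37 rules successfully loaded, 0 rules failed
Jan 20 08:00:03   suricata: [2001] <Notice> -- all 9 packet processing threads, 4 management threads initialized, engine started.
"""


@dataclass
class StartupState:
    version: Optional[str] = None
    engine_started: bool = False
    errcodes: List[str] = field(default_factory=list)
    rule_files_specified: Optional[int] = None
    rules_loaded: Optional[int] = None          # None = no rule-load message seen at all
    stats: Dict[str, Dict[str, int]] = field(default_factory=dict)


def parse_startup(lines: Iterable[str]) -> StartupState:
    """Fold the relevant suricata syslog lines into a StartupState; line order does not matter."""
    st = StartupState()
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # other daemons' lines, blank lines
        msg = m.group("msg")
        if "This is Suricata version" in msg:
            st.version = msg.split("version", 1)[1].strip()
        if "engine started" in msg:
            st.engine_started = True
        if e := ERRCODE_RE.search(msg):
            st.errcodes.append(e.group("name"))
        if nr := NO_RULES_RE.search(msg):
            st.rule_files_specified = int(nr.group("files"))
            st.rules_loaded = 0
        if ld := LOADED_RE.search(msg):
            st.rules_loaded = int(ld.group("n"))
        if s := STATS_RE.search(msg):
            st.stats[s.group("iface")] = {"pkts": int(s.group("pkts")), "drop": int(s.group("drop"))}
    return st


def ids_is_armed(st: StartupState) -> bool:
    """True only when the engine is up and at least one rule is loaded."""
    return (st.engine_started
            and "SC_ERR_NO_RULES_LOADED" not in st.errcodes
            and bool(st.rules_loaded))


def findings(st: StartupState) -> List[str]:
    """Human-readable reasons for a monitoring alert; empty list means healthy."""
    out: List[str] = []
    if not st.engine_started:
        out.append("engine did not report 'engine started'")
    if "SC_ERR_NO_RULES_LOADED" in st.errcodes:
        out.append(f"SC_ERR_NO_RULES_LOADED: {st.rule_files_specified} rule file(s) configured, 0 rules loaded")
    elif st.rules_loaded is None:
        out.append("no rule-load message seen; cannot confirm a ruleset is active")
    seen = sum(v["pkts"] for v in st.stats.values())
    if seen and not ids_is_armed(st):
        out.append(f"{seen} packets counted on monitored interfaces while no ruleset is active")
    return out


if __name__ == "__main__":
    for name, log in (("as posted", SAMPLE_LOG), ("healthy", HEALTHY_LOG)):
        state = parse_startup(log.splitlines())
        print(f"{name}: armed={ids_is_armed(state)} version={state.version}")
        for f in findings(state):
            print("  -", f)
```

The point of the check is that "engine started" alone is not a success signal: a service monitor that only watches the process or that line will report the IDS as healthy while it is inspecting traffic against an empty ruleset, which is exactly the state the posts in this thread describe.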
#5
Hi

Yes, I did.
I'm still trying to get this to work, but even after upgrading last week it's not working.
#6
Hi

I'm running the latest stable version, everything is fine but Suricata seems not to work.

I tried some of the abuse.ch rules, URLhaus for example; the rules are downloaded, activated and set to block, but I can access any site from the list.

The same goes for GeoIP country block: I see a lot of Russian IPs on the firewall, so I set up a rule to block Russia, but nothing happens. No alerts from Suricata, but block actions on the firewall.

Hardware is a little Supermicro with Intel Atom and Intel NICs, 8 GB RAM, 120 GB SSD.
I went through the forum already for performance tuning and a Suricata guide, no success.
All services are running fine and I'm a bit clueless.

Edit: static IPv4 on WAN and LAN, bridged cable modem.


That's how the alerts look:

Timestamp                        Action   Interface  Source           Src port  Destination      Dst port  Alert
2018-12-31T13:53:55.370905+0100  allowed  WAN        2.22.152.33      443       x.x.x.x          60301     SURICATA STREAM excessive retransmissions
2018-12-31T13:51:48.254029+0100  allowed  WAN        x.x.x.x          61759     2.20.248.154     443       SURICATA STREAM excessive retransmissions
2018-12-31T12:08:27.682942+0100  allowed  WAN        23.0.174.128     443       x.x.x.x          27980     SURICATA STREAM excessive retransmissions
2018-12-31T11:57:22.226768+0100  allowed  WAN        192.229.221.214  443       x.x.x.x          15499     SURICATA STREAM excessive retransmissions
2018-12-31T11:44:54.118050+0100  allowed  WAN        192.229.221.214  443       x.x.x.x          2291      SURICATA STREAM excessive retransmissions

Thanks for any help