Messages

1

22.1 Legacy Series / Re: Configd socket missing

« on: May 10, 2022, 04:31:57 pm »

Looking earlier in the log I can also see:

pcib1: <ACPI PCI-PCI bridge> irq 25 at device 2.2 on pci0
pcib1: failed to allocate initial I/O port window: 0x1000-0x1fff
pci1: <ACPI PCI bus> on pcib1
igb0: <Intel(R) I211 (Copper)> port 0x2000-0x201f mem 0xd0000000-0xd001ffff,0xd0020000-0xd0023fff irq 28 at device 0.0 on pci1
igb0: NVM V0.6 imgtype1
igb0: Using 1024 TX descriptors and 1024 RX descriptors
igb0: Using 2 RX queues 2 TX queues
igb0: Using MSI-X interrupts with 3 vectors
igb0: Ethernet address: 00:0d:b9:5c:43:fc
igb0: netmap queues/slots: TX 2/1024, RX 2/1024
pcib2: <ACPI PCI-PCI bridge> irq 26 at device 2.3 on pci0
pcib2: failed to allocate initial I/O port window: 0x2000-0x2fff
pci2: <ACPI PCI bus> on pcib2
igb1: <Intel(R) I211 (Copper)> port 0x3000-0x301f mem 0xd0100000-0xd011ffff,0xd0120000-0xd0123fff irq 32 at device 0.0 on pci2
igb1: NVM V0.6 imgtype1
igb1: Using 1024 TX descriptors and 1024 RX descriptors
igb1: Using 2 RX queues 2 TX queues
igb1: Using MSI-X interrupts with 3 vectors
igb1: Ethernet address: 00:0d:b9:5c:43:fd
igb1: netmap queues/slots: TX 2/1024, RX 2/1024
pcib3: <ACPI PCI-PCI bridge> irq 27 at device 2.4 on pci0
pcib3: failed to allocate initial I/O port window: 0x3000-0x3fff
pci3: <ACPI PCI bus> on pcib3

2

22.1 Legacy Series / Re: Configd socket missing

« on: May 10, 2022, 03:43:12 pm »

I have the same issue. It started after updating from 22.1.5 to 22.1.6

>>> Invoking early script 'templates'
Generating configuration: configd socket missing (@/var/run/configd.socket)
>>> Error in early script 'templates'

The system boots just fine and everything seems to work as it used to.

Correction the network seems to be crashing when the device is untouched:

login: 615.010326 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
615.583381 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
igb1: link state changed to DOWN
615.879131 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
616.176454 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
616.199640 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
igb0: link state changed to DOWN
616.483398 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
igb0: link state changed to UP
igb1: link state changed to UP

3

Intrusion Detection and Prevention / Re: Suricata prevents Battle.net login - no drops or alerts logged

« on: February 28, 2021, 06:40:08 pm »

All rules regarding battle.net and for ex. warcraft are disabled in "Rules" overview?

Check the messeges in Suricata to see what is blocked and what rule is responsible. Then you can fix the rule.

4

Intrusion Detection and Prevention / Re: Suricata prevents Battle.net login - no drops or alerts logged

« on: August 25, 2020, 11:49:59 pm »

Does it work when when you disable the suricata service?

5

Intrusion Detection and Prevention / Re: Emulating/triggering alerts.

« on: August 23, 2020, 11:50:58 pm »

Ping!
Anything better than  IDSDeathBlossom ?

I guess it will have to do for now.

6

Intrusion Detection and Prevention / Emulating/triggering alerts.

« on: August 17, 2020, 10:00:31 pm »

Hi everyone!
I would like to test Suricata, one way to do this is to connect it inline, activate a bunch of rules that I know how to trigger using various tools like NMAP but is there a better way?

Is there a script or a tool that can emulate a bunch of known/simple attacks?

Coming from commercial IDS/IPS systems, you usually have access to such tools but I could not find anything for Suricata.
I really hope that someone here can help me out.

 Thank you upfront!

7

20.1 Legacy Series / Re: IDS API cant get it to work :(

« on: June 03, 2020, 01:37:35 pm »

 curl -k -u "**********":"*************" http://192.168.13.37/api/ids/service/getAlertinfo/[$alertid]

Actually gives me one alert, also
curl -k -u "**********":"*************" http://192.168.13.37/api/ids/service/getAlertinfo/[$eve.json] gives me the last alert in the log

8

20.1 Legacy Series / IDS API cant get it to work :(

« on: June 03, 2020, 11:37:42 am »

Hi,
I am using CURL in Linux, trying to grab the eve.json log via the API.
Following the documentation, I am executing the following command:



curl -k -u "********":"*******" http://192.168.13.37/api/ids/service/getAlertLogs/$filedid=
or
curl -k -u "********":"*******" http://192.168.13.37/api/ids/service/getAlertLogs/$alertId

But I am getting nothing in return other than:
[{"size":2095025,"modified":"2020\/06\/03 11:36","filename":"eve.json","sequence":null},{"size":19470158,"modified":"2020\/05\/24 22:54","filename":"eve.json.0","sequence":0}]

What am I doing wrong?

Please help me.

Best regards,
Albert