Messages - Altmana

#1
22.1 Legacy Series / Re: Configd socket missing
May 10, 2022, 04:31:57 PM
Looking earlier in the log I can also see:

pcib1: <ACPI PCI-PCI bridge> irq 25 at device 2.2 on pci0
pcib1: failed to allocate initial I/O port window: 0x1000-0x1fff
pci1: <ACPI PCI bus> on pcib1
igb0: <Intel(R) I211 (Copper)> port 0x2000-0x201f mem 0xd0000000-0xd001ffff,0xd0020000-0xd0023fff irq 28 at device 0.0 on pci1
igb0: NVM V0.6 imgtype1
igb0: Using 1024 TX descriptors and 1024 RX descriptors
igb0: Using 2 RX queues 2 TX queues
igb0: Using MSI-X interrupts with 3 vectors
igb0: Ethernet address: 00:0d:b9:5c:43:fc
igb0: netmap queues/slots: TX 2/1024, RX 2/1024
pcib2: <ACPI PCI-PCI bridge> irq 26 at device 2.3 on pci0
pcib2: failed to allocate initial I/O port window: 0x2000-0x2fff
pci2: <ACPI PCI bus> on pcib2
igb1: <Intel(R) I211 (Copper)> port 0x3000-0x301f mem 0xd0100000-0xd011ffff,0xd0120000-0xd0123fff irq 32 at device 0.0 on pci2
igb1: NVM V0.6 imgtype1
igb1: Using 1024 TX descriptors and 1024 RX descriptors
igb1: Using 2 RX queues 2 TX queues
igb1: Using MSI-X interrupts with 3 vectors
igb1: Ethernet address: 00:0d:b9:5c:43:fd
igb1: netmap queues/slots: TX 2/1024, RX 2/1024
pcib3: <ACPI PCI-PCI bridge> irq 27 at device 2.4 on pci0
pcib3: failed to allocate initial I/O port window: 0x3000-0x3fff
pci3: <ACPI PCI bus> on pcib3
#2
22.1 Legacy Series / Re: Configd socket missing
May 10, 2022, 03:43:12 PM
I have the same issue. It started after updating from 22.1.5 to 22.1.6.

>>> Invoking early script 'templates'
Generating configuration: configd socket missing (@/var/run/configd.socket)
>>> Error in early script 'templates'

The system boots just fine and everything seems to work as it used to.

Correction: the network seems to be crashing when the device is untouched:

login: 615.010326 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
615.583381 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
igb1: link state changed to DOWN
615.879131 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
616.176454 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
616.199640 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
igb0: link state changed to DOWN
616.483398 [ 849] iflib_netmap_config       txr 2 rxr 2 txd 1024 rxd 1024 rbufsz 2048
igb0: link state changed to UP
igb1: link state changed to UP
#3
Quote from: XeroX on August 31, 2020, 11:00:54 AM
All rules regarding battle.net and for ex. warcraft are disabled in "Rules" overview?

Check the messages in Suricata to see what is blocked and what rule is responsible. Then you can fix the rule.
#4
Does it work when you disable the Suricata service?
#5
Ping!
Anything better than IDSDeathBlossom?

I guess it will have to do for now.
#6
Hi everyone!
I would like to test Suricata. One way to do this is to connect it inline and activate a bunch of rules that I know how to trigger using various tools like NMAP, but is there a better way?

Is there a script or a tool that can emulate a bunch of known/simple attacks?

Coming from commercial IDS/IPS systems, you usually have access to such tools, but I could not find anything for Suricata.
I really hope that someone here can help me out.

Thank you upfront!
#7
curl -k -u "**********":"*************" http://192.168.13.37/api/ids/service/getAlertinfo/[$alertid]

Actually gives me one alert, also
curl -k -u "**********":"*************" http://192.168.13.37/api/ids/service/getAlertinfo/[$eve.json] gives me the last alert in the log
#8
20.1 Legacy Series / IDS API can't get it to work :(
June 03, 2020, 11:37:42 AM
Hi,
I am using CURL in Linux, trying to grab the eve.json log via the API.
Following the documentation, I am executing the following command:

curl -k -u "********":"*******" http://192.168.13.37/api/ids/service/getAlertLogs/$filedid=
or
curl -k -u "********":"*******" http://192.168.13.37/api/ids/service/getAlertLogs/$alertId

But I am getting nothing in return other than:
[{"size":2095025,"modified":"2020\/06\/03 11:36","filename":"eve.json","sequence":null},{"size":19470158,"modified":"2020\/05\/24 22:54","filename":"eve.json.0","sequence":0}]

What am I doing wrong?

Please help me.

Best regards,
Albert