1
Intrusion Detection and Prevention / Suricata crashes when triggered
« on: March 24, 2024, 08:05:01 pm »
This is a new setup of OPNSense on a Protecli 10-core machine, so ample hardware. Everything left to defaults except configured as a transparent gateway.
Suricata starts fine but crashes as soon as the client visits "testmyids.com"
The log line at the crash is always:
Error suricata [101593] <Error> -- opening devname netmap:ixl1/R failed: Invalid argument
I've tried in WAN, LAN, and WANLANBRIDGE as the interface, and the referenced port changes, but the error remains the same.
Based on older posts, I experimented with these settings to no avail...
dev.netmap.admode = 2
dev.netmap.buf_num=200000
dev.netmap.ring_num=800
dev.netmap.buf_size=4096
I'd appreciate any help/advice on troubleshooting (or ideally, fixing) this one!
Cheers,
Dave Plummer
Dave's Garage
OPNsense 24.1.4-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13
Suricata starts fine but crashes as soon as the client visits "testmyids.com"
The log line at the crash is always:
Error suricata [101593] <Error> -- opening devname netmap:ixl1/R failed: Invalid argument
I've tried in WAN, LAN, and WANLANBRIDGE as the interface, and the referenced port changes, but the error remains the same.
Based on older posts, I experimented with these settings to no avail...
dev.netmap.admode = 2
dev.netmap.buf_num=200000
dev.netmap.ring_num=800
dev.netmap.buf_size=4096
I'd appreciate any help/advice on troubleshooting (or ideally, fixing) this one!
Cheers,
Dave Plummer
Dave's Garage
OPNsense 24.1.4-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13