Messages

System : Firmware : Packages

There's a reinstall button for every pkg

Thank you.
I reinstalled Suricata but the problem persists.

The messages I still get are:
Jul 18 17:34:29    kernel: pid 52626 (suricata), uid 0: exited on signal 6 (core dumped)
Jul 18 17:29:46    kernel: -> pid: 52293 ppid: 49789 p_pax: 0x850<SEGVGUARD,ASLR,NODISALLOWMAP32BIT>
Jul 18 17:29:46    kernel: [HBSD SEGVGUARD] [/usr/local/bin/suricata (52293)] Suspension expired.

[how do I reinstall Suricata?]

I reinstalled Suricata und downloaded the rules again. Disabled URL-Haus, this made it working for me.

The Thing is, that i never saw any Action from suricata except the start in the logs. Reinstalling fixed it for me.

Roger

Thanks for your help.

Please forgive my ignorance, but  how do I reinstall Suricata?

Thanks.

Can you disable all rules for testing?

Thank you for your help.

I have deactivated all the rules and switched back to Hyperscan and Suricata still crashes.
Note that the memory usage, with all the rules discabled, still peaks at about 50% during Suricata startup, then drops to about 20%.

It would seem that Pattern matcher "Hyperscan" is the culprit.
When I switch to "Aho-Corasick" Suricata starts. Performance is way lower than with Hyperscan though.

Note that the messages
suricata: [100185] <Notice> -- rule reload starting
suricata: [100185] <Notice> -- rule reload complete
still no longer show as of 18.1.11

How can I get this fixed to get Hyperscan to work again?

I have the same problem.

I have deactivated url.haus entirely, but this did not help.
I still get kernel: pid 5613 (suricata), uid 0: exited on signal 6 (core dumped)
I don't think that a rule is the culprit because, when I check the Intrusion detection log, I do not even see the usual message
suricata: [100137] <Notice> -- rule reload starting
All i get now is thie message and then I see the crash in the system log.
   suricata: [100180] <Notice> -- This is Suricata version 4.0.4 RELEASE

The memory usage peaks at 50% on suricata start.
Restarting the firewall did not help. I have a APU.2C4.

The problem started 3 days ago, not sure what triggered it. I never had it before 18.1.11, that I know.

Please help.

[Host Overrides]

After configuring my OPNsense firewall I found that all this is possible.

PTR records can be defined in OPNsense in
Services, Unbound DNS, Overrides, Host Overrides

The Domain Zone Forwarder equivalent is:
Services, Unbound DNS, Overrides, Domain Overrides

Hello.

I have a pretty basic OPNsense configuration (see attached pic).

My problem is that one type of outgoing connections from a PC on the LAN (to a socks proxy mainly, only used on that PC) appear in the log as from the firewall itself (with source IP 192.168.3.101). The label for these log entries is "let out anything from firewall host itself".
I cannot find a firewall rule with that description.

So I have 2 questions:
1) Why would these connection wrongly appear to come from the firewall?
2) Where is that rule "let out anything from firewall host itself" (and how can I avoid it clogging up my log)?

Thanks for any help.

Hi guys.

Today I have a Zyxel USG100 and tomorrow I will use a OPNSense firewall.

On my Zyxell firewall I could define Address/PTR records and I found that was handy, instead of setting addresses on Windows workstations in the hosts file. Can I define PTR rcords with OPNsense?

The Zyxel also lets me set the DNS server to use, based on the destination domain (Domain Zone Forwarder).
Can I do this with OPNsense too?

Thanks for helping this OPNsense beginner  :)