Intrusion Detection and Prevention / Re: IDS/IPS Suricata fails to start when abuse.ch/URLhaus is activated
« on: August 31, 2018, 02:08:01 pm »
I have the same issue; basically, running Suricata kills my OPNsense box, forcing a hard reboot. I'm working on a Suricata server I can pass all traffic through. Does not look like it was meant to be. pfSense has this same issue, but the rules are much, much easier to add/remove/suppress. My solution is to spin up another server running a dedicated IDS firewall such as simplewall/SELKS/bare-metal Suricata (or even pfSense just running Suricata), and pass the data to another server running the ELK stack. So Modem > OPNsense Firewall > IDS > LAN, with a failover bypassing the IDS in case it goes down, and using VLANs for devices I do not need to worry about. Was hoping to pass data directly to my log server, but my ELK stack is using Docker, which means no real way to input OPNsense data.