46
19.1 Legacy Series / Re: ips/ids suricata
« on: December 02, 2018, 07:44:07 pm »
reformatted, installed, updated and reconfigured by hand.
enabled all the ET rules and yes it is the rules that slow the gui page loads, especially any that have live data like the dashboard or any that make significant changes so it is NOT a OPNsense problem.
no errors currently but a few things like the cron redirect do not work, no alerts show in the alerts admin gui and on reboot with ips/ids enabled some services tale a long time to load / start like dhcp6, ra ( related to dhcp6 most likely) ntp and the gateways.
Some of this is obviously a hardware limit. I'm using a old acer with a AMD athlon core 2 at 2.5 Ghz (4850e) with a 250G WD blue 2.5" HDD sata and no hyper threading or aes-ni and 4 Gigs of ram. Load is ok, ram usage 24 to 36% and temps 38 to 49 so ok Mbuf's at 1 %. State table has not gone above 1% so far
There is no noticeable slow down in browsing web sites or on the Lan (2 nas's (nas4free/Xigma), 3 cell phones and 5 to 7 computers on the Lan) that I can tell it mostly has to do with the OPNsense gui being slow to load in some areas.
When the alerts are fixed I'll go through and fine tune them and see what the thresh hold for this hardware might be with number of rules and speed for the OPNsense gui loading and then move to another hardware set up in time.
Possibly a dell r210 II or maybe I'll try one of the HP T620 plus thin clients.
For now it's just waiting for the next updates
EDIT: the 7 to 8 second refresh on the dashboard scrolls the dashboard back to the top and that does get ummm inconvenient when your trying to watch a graph or something below.
EDIT: I have these plugins enabled
whats the difference for the devel plugins?
greg
enabled all the ET rules and yes it is the rules that slow the gui page loads, especially any that have live data like the dashboard or any that make significant changes so it is NOT a OPNsense problem.
no errors currently but a few things like the cron redirect do not work, no alerts show in the alerts admin gui and on reboot with ips/ids enabled some services tale a long time to load / start like dhcp6, ra ( related to dhcp6 most likely) ntp and the gateways.
Some of this is obviously a hardware limit. I'm using a old acer with a AMD athlon core 2 at 2.5 Ghz (4850e) with a 250G WD blue 2.5" HDD sata and no hyper threading or aes-ni and 4 Gigs of ram. Load is ok, ram usage 24 to 36% and temps 38 to 49 so ok Mbuf's at 1 %. State table has not gone above 1% so far
There is no noticeable slow down in browsing web sites or on the Lan (2 nas's (nas4free/Xigma), 3 cell phones and 5 to 7 computers on the Lan) that I can tell it mostly has to do with the OPNsense gui being slow to load in some areas.
When the alerts are fixed I'll go through and fine tune them and see what the thresh hold for this hardware might be with number of rules and speed for the OPNsense gui loading and then move to another hardware set up in time.
Possibly a dell r210 II or maybe I'll try one of the HP T620 plus thin clients.
For now it's just waiting for the next updates
EDIT: the 7 to 8 second refresh on the dashboard scrolls the dashboard back to the top and that does get ummm inconvenient when your trying to watch a graph or something below.
EDIT: I have these plugins enabled
Code: [Select]
os-dyndns (installed) 1.10_1 134KiB Dynamic DNS Support
os-smart (installed) 1.5 15.2KiB SMART tools
os-upnp (installed) 1.2_3 31.2KiB Universal Plug and Play Service
os-vnstat (installed) 1.0 20.7KiB vnStat is a console-based network traffic monitor
os-wol (installed) 2.0 20.8KiB Wake on LAN Service
whats the difference for the devel plugins?
greg