Topic: Enabling suricata IPS in 22.1 causes Alerts timestamps to break (zero) (Read 1596 times)
merkuron
« on: February 06, 2022, 10:26:41 pm »
Fresh install of 22.1 with a restored configuration that was backed up from a previously upgraded 21.7.8 -> 22.1. Enabling suricata IDS works fine, with alerts coming through with the expected timestamp. However, when turning on IPS mode (single listening interface, physical trunk), all timestamps for Alerts are zeroed out. This reverts if suricata is switched back to IDS mode, and is repeatable IDS -> IPS -> IDS ad infinitum. Has anyone seen this error before? What might be happening here?
franco
Administrator
Re: Enabling suricata IPS in 22.1 causes Alerts timestamps to break (zero)
« Reply #1 on: February 07, 2022, 01:24:07 pm »
Haven't seen this before but looks weird. Would you mind opening a bug report via https://github.com/opnsense/core/issues/new?assignees=&labels=&template=bug_report.md&title=
Thanks,
Franco