[SOLVED] Intrusion Detection (suricata) keeps exiting

Started by Aergan, February 13, 2017, 10:15:41 AM


It reads:

FreeBSD OPNSense.localdomain 11.0-RELEASE-p7 FreeBSD 11.0-RELEASE-p7 #0 ca29eed2d(Stable/17.1): Mon Feb 20 15:24:20 CET 2017 root@sensey32:/usr/obj/usr/src/sys/SMP i386

Ok, so far so good.

Can you post output of the following command before and after reinstalling the kernel?

# ls -lah /dev/netmap

The kernel reinstalls with:

# opnsense-update -fk
# /usr/local/etc/rc.reboot

And then try again. So far it looks like Suricata can't start because you set IPS mode but the kernel module for IPS is gone which is rather odd.

Also, what network cards / drivers are you using?


Cheers,
Franco

February 27, 2017, 06:00:25 PM #18 Last Edit: February 27, 2017, 06:47:58 PM by pbolduc
I am unable to proceed as the device is in use at the moment. I will try and perform these steps at the end of day. Thank you for your time. The network drivers would be the Intel E1000.

When I run before the reboot: "ls -lah /dev/netmap" it returns "ls: /dev/netmap: No such file or directory"

I was able to get Suricata to start by disabling IPS.

Ok, netmap was missing from i386 since 17.1, which affected IPS mode only. FreeBSD added netmap to their 11.0 config, but only for amd64, not i386. Sorry about this.

The kernel is fixed and syncing to the mirrors. Just reapply 17.1.2:

# opnsense-update -fk
# /usr/local/etc/rc.reboot

And it should be all good when the /dev/netmap device is back.


Cheers,
Franco

Yep, that fixed it after reapplying 17.1.2. Thanks very much!

Ok, change will become permanent in 17.1.3.


Cheers,
Franco
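
The check used in this thread, wrapped as a preflight to run before switching Suricata to IPS mode. This is an added example, not part of the original posts or of OPNsense; the function name `check_netmap_dev` and its exit codes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Preflight for Suricata IPS mode: IPS needs the kernel's netmap device.
# check_netmap_dev is a hypothetical helper, not an OPNsense tool.
# Exit codes (assumed convention): 0 = usable, 1 = missing, 2 = wrong type.

check_netmap_dev() {
    dev="${1:-/dev/netmap}"

    if [ ! -e "$dev" ]; then
        # Same condition as "ls: /dev/netmap: No such file or directory"
        echo "FAIL: $dev does not exist; IPS mode cannot start" >&2
        echo "      running kernel: $(uname -r) $(uname -m)" >&2
        echo "      reinstall the kernel: opnsense-update -fk" >&2
        echo "      then reboot:          /usr/local/etc/rc.reboot" >&2
        return 1
    fi

    if [ ! -c "$dev" ]; then
        # A regular file or directory at this path is not the netmap device
        echo "FAIL: $dev exists but is not a character device" >&2
        return 2
    fi

    echo "OK: $dev present, netmap available for IPS mode"
    return 0
}

# Run the check only when a device path is given on the command line,
# e.g.:  sh netmap_check.sh /dev/netmap
if [ "$#" -gt 0 ]; then
    check_netmap_dev "$1"
fi
```

A non-zero result means Suricata should stay in IDS mode (IPS disabled) until the kernel provides the device again.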