Enabling suricata IPS in 22.1 causes Alerts timestamps to break (zero)

merkuron · February 06, 2022, 10:26:41 PM

Fresh install of 22.1 with a restored configuration that was backed up from a previously upgraded 21.7.8 -> 22.1. Enabling suricata IDS works fine, with alerts coming through with the expected timestamp. However, when turning on IPS mode (single listening interface, physical trunk), all timestamps for Alerts are zeroed out. This reverts if suricata is switched back to IDS mode, and is repeatable IDS -> IPS -> IDS ad infinitum. Has anyone seen this error before? What might be happening here?

franco · February 07, 2022, 01:24:07 PM

Haven't seen this before but looks weird. Would you mind opening a bug report via https://github.com/opnsense/core/issues/new?assignees=&labels=&template=bug_report.md&title=

Thanks,
Franco

Enabling suricata IPS in 22.1 causes Alerts timestamps to break (zero)

merkuron

February 06, 2022, 10:26:41 PM

franco

February 07, 2022, 01:24:07 PM #1