ips/ids suricata Solved

GDixon:
Hi,
I followed the wiki to enable Intrusion detection and have a couple problems.

--- Code: ---OPNsense 19.1.b_306-amd64
FreeBSD 11.2-RELEASE-p4-HBSD
OpenSSL 1.0.2q 20 Nov 2018
--- End code ---

I get these errors, and of the 4 abuse.ch rule sets only one actually downloads. These are the only rules I enabled to test Suricata out.

--- Code: ---abuse.ch/Dyre SSL IPBL not installed drop
abuse.ch/Feodo Tracker 2018/12/01 1:31 drop
abuse.ch/SSL Fingerprint Blacklist not installed drop
abuse.ch/SSL IP Blacklist not installed drop
--- End code ---

and these errors are in the log:

--- Code: ---Dec 1 01:30:43 suricata: [100244] <Notice> -- Stats for 'em1': pkts: 283, drop: 0 (0.00%), invalid chksum: 0
--- End code ---

--- Code: ---ec 1 01:30:23 suricata: [100172] <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - Invalid mpm algo supplied in the yaml conf file: "hs"
--- End code ---

I rebooted and the same happens along with the IPv6 gateway being down and needing a restart.

What did I screw up this time? :)

mimugmail:
Change between Hyperscan and Aho?

GDixon:
I'm using the default Aho, but I did try Hyperscan; IPS/IDS wouldn't load or refresh at all with Hyperscan, so I'm currently using the default Aho.
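
The error quoted above ("Invalid mpm algo supplied in the yaml conf file: hs") is what Suricata reports when the configured multi-pattern matcher is not compiled into the running binary: "hs" is only registered when the build includes Hyperscan, while "ac" (Aho-Corasick) is always available. The following is an added example, not code from the thread or from OPNsense/Suricata, that reproduces that pre-flight check offline: it reads the `mpm-algo` key from a suricata.yaml fragment and compares it against a captured `suricata --build-info` text. The set of algorithm names and the exact "Hyperscan support: yes/no" line format are assumptions drawn from Suricata 4.x documentation, and both the yaml and the build-info samples are constructed here.

```python
import re

# Assumption: mpm-algo values documented for Suricata 4.x.
MPM_ALGOS = {"auto", "ac", "ac-bs", "ac-ks", "hs"}

# Constructed samples of `suricata --build-info` output (abbreviated).
# The "Hyperscan support" line format is an assumption.
BUILD_INFO_NO_HS = """\
This is Suricata version 4.1.0 RELEASE
Hyperscan support:                       no
"""
BUILD_INFO_HS = """\
This is Suricata version 4.1.0 RELEASE
Hyperscan support:                       yes
"""

# Constructed suricata.yaml fragments.
YAML_HS = "mpm-algo: hs\n"
YAML_AC = "mpm-algo: ac\n"


def hyperscan_supported(build_info: str) -> bool:
    """True if the build-info text says Hyperscan was compiled in."""
    m = re.search(r"^Hyperscan support:\s*(yes|no)\s*$", build_info, re.M)
    return bool(m and m.group(1) == "yes")


def configured_mpm_algo(yaml_text: str) -> str:
    """Return the mpm-algo value from a suricata.yaml text, 'auto' if unset."""
    m = re.search(r"^\s*mpm-algo:\s*([A-Za-z0-9-]+)", yaml_text, re.M)
    return m.group(1) if m else "auto"


def check_mpm_algo(yaml_text: str, build_info: str):
    """Return (ok, message) describing whether the configured matcher will load."""
    algo = configured_mpm_algo(yaml_text)
    if algo not in MPM_ALGOS:
        return False, f"unknown mpm-algo {algo!r}"
    if algo == "hs" and not hyperscan_supported(build_info):
        return (False, "mpm-algo 'hs' requested but this build lacks Hyperscan; "
                       "use 'ac' or install a Hyperscan-enabled build")
    return True, f"mpm-algo {algo!r} is usable on this build"


if __name__ == "__main__":
    for yaml_text, info in ((YAML_HS, BUILD_INFO_NO_HS),
                            (YAML_HS, BUILD_INFO_HS),
                            (YAML_AC, BUILD_INFO_NO_HS)):
        print(check_mpm_algo(yaml_text, info))
```

On a real box the two inputs come from `/usr/local/etc/suricata/suricata.yaml` and the output of `suricata --build-info`; the check mirrors what the daemon does at startup, but lets you catch the mismatch before a config reload takes the IDS offline.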

t00r:
All of the abuse.ch lists have problems at the moment (server problems caused by an OS update). Try the ET Open lists.

GDixon:
I was going through old threads and saw that, went to their site, and there was no mention of continuing problems. I'll turn off the 4 and try your suggestion :)

Which ET rules would you recommend?

Thank you.
