ips/ids suricata Solved
GDixon:
Hi,
I followed the wiki to enable Intrusion detection and have a couple problems.
--- Code: ---
OPNsense 19.1.b_306-amd64
FreeBSD 11.2-RELEASE-p4-HBSD
OpenSSL 1.0.2q 20 Nov 2018
--- End code ---
I get these errors, and of the 4 abuse.ch rule sets only one actually downloads. These are the only rules I enabled to test Suricata out.
--- Code: ---
abuse.ch/Dyre SSL IPBL not installed drop
abuse.ch/Feodo Tracker 2018/12/01 1:31 drop
abuse.ch/SSL Fingerprint Blacklist not installed drop
abuse.ch/SSL IP Blacklist not installed drop
--- End code ---
And these errors are in the log:
--- Code: ---
Dec 1 01:30:43 suricata: [100244] <Notice> -- Stats for 'em1': pkts: 283, drop: 0 (0.00%), invalid chksum: 0
--- End code ---
--- Code: ---
ec 1 01:30:23 suricata: [100172] <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - Invalid mpm algo supplied in the yaml conf file: "hs"
--- End code ---
I rebooted and the same happens along with the IPv6 gateway being down and needing a restart.
What did I screw up this time? :)
mimugmail:
Change between Hyperscan and Aho?
GDixon:
I'm using the default Aho but did try Hyperscan, and IPS/IDS wouldn't load or refresh at all with Hyperscan, so I am currently using the default Aho.
t00r:
All of the abuse.ch lists have problems at the moment (server problems caused by an OS update). Try the ET Open lists.
GDixon:
I was going through old threads and saw that, went to their site and there was no mention of continuing problems. I'll turn off the 4 and try your suggestion :)
Which ET rules would you recommend?
Thank you