Suricata 5 Beta - Can We Upload to OPNSense

[ruggerio]

so i ask, if it makes sense to test s5 here?

[mimugmail]

Sure it makes sense, maybe it makes sense to switch logging to syslog and check eve.log about S5 findings.
Regarding the interface naming maybe it's worth to check release notes.

Most of the dev's are highly loaded with other tasks, that's why they'll start to test when S5 is stable (my personal view). Nonetheless, very appreciated when you start testing first! 

[ruggerio]

OK, can we be sure, that the rulesets e.g. of ET Open are compatible between the versions?

[mimugmail]

I haven't tested them yet, but you should get some warnings in suricata log if they don't fit

[mimugmail]

Ok, it seems the logging is broken, but right now I have no idea if it's new logging features of 19.7 or Suricata itself.

[ruggerio]

i am quite sure, it's suricata itself, as i stepped down to 4.1. and still have problems with logging. I will now "upgrade" again to suricata 5 and continue testing.

[ruggerio]

btw. wouldn't it perhaps make sense, to plan suricata 5 for 20.1?

[franco]

It it's out and it works fine it's in 20.1, maybe even 19.7 later on. It depends on the release date. Probably some time this fall.


Cheers,
Franco

[spetrillo]

It looks like Suricata 5 is now a stable release. Is there a timetable for including it in OPNsense? Version 20 perhaps? Is there also a way to get other options added to the plugins, like Elastic Beats?

[mimugmail]

There is already a pkg for beats

[spetrillo]

Yes it is 6.7.1 but needs to be installed manually. Will it ever get added as a plug-in or will it always be manual?

[mimugmail]

I have a kind of enterprise plugin with a pure free field to configure, but it will never be merged.

[spetrillo]

That is certainly too bad. I am trying to figure out how to keep Beats up to date on OPNsense. A bit of a pain.