Activating IDS looses network connection

Started by soundie, November 02, 2019, 06:13:17 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 02, 2019, 06:13:17 PM Last Edit: November 02, 2019, 06:20:56 PM by soundie
Hi.
I'm new to OPNsense - very very impressed, and donation sent :)

I've been running OPNsense for about a week without issues, during this time IDS also has been working fine.
Unsure if its related, but yesterday i installed Sensei - and the OPN lost network connection - i was unable to log on to the webgui at all (of course).

Switching to the console monitor directly on the OPN hardware there was thousands of these flowing over the screen:
[1766] netmap_ring_init called for em2 RX1
[1721] nm rxsync prologue

I was struggling since these messages occupied the whole screen while scrolling.
Rebooting the FW i was able to ping internet from my pc a couple of seconds before the messages broke loose again - blocking me out.

"blinded" i logged on to the console - typed "service suricata stop".
All communication returned to normal.
Starting suricata service - all error messages returned.

I'm now running with IDS deactivated.

Question:
Are there conflicts running IDS and Sensei together - could that be the fault i made?

PS: The IDS log-file has a lot of these, when i try to activate it:
suricata[67911]: [100552] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'em2': (0u) No error: 0

Any advice or tips are appreciated :)

Today i upgraded to 19.7.6 - issue unresolved.
November 02, 2019, 08:38:43 PM #1
Normally you should get a warning from Sensei when you try to start it on an Interface running IPS. It's not supported
November 02, 2019, 09:20:07 PM #2
Aha!

Should be noted on the installation guide...
Thank you for replying - and solving :)

November 02, 2019, 09:59:14 PM #3
It should already: https://snipboard.io/z3a5QD.jpg
November 02, 2019, 10:44:43 PM #4
Never seen that one before...
Anyhow - understood now :)
Print
Go Up Pages1
User actions