Error reconfiguring IDS: Error (1) / Hyperscan: Error installing ids rules (1)

Started by opnrules, August 03, 2020, 09:31:53 PM



I had the same problems downloading the rules.

I disabled Suricata and then I deleted all directories and files under /usr/local/etc/suricata/opnsense.rules/,
reloaded the config page and activated IDS, then downloaded the rules, and all works fine.

Removing os-intrusion-detection-content-pt-open-1.0 fixed it for me. I am solely using the ET Telemetry ruleset now, without problems it seems.

For me this happened when the IDS process was not running:
https://github.com/opnsense/core/issues/4346

This means that the action worked in general, but after this it tries to restart the process, which fails, but the reload of rules works.

I updated to 7.3

The problem is still not corrected. There are errors when updating Suricata rules.

Is there any solution?


So I am not sure if it is related, but I was also having problems when rules were being reloaded every night via cron. At first I thought it was the abuse.ch rulesets, so I loaded smaller groups of rulesets at a time; it would only fail on the ET rulesets. So I am not sure if this is an issue on ET's end, but in the meantime I've just learned to live with it. Sometimes it works, some nights it doesn't.

Still got the same problem with the newest OPNsense version. Any update on how to fix that?

Exactly the same error, but IDS works.

The error disappears after deletion:
rm -rf /usr/local/etc/suricata/

BUT!  >:(
IDS stops working immediately after enabling ClamAV + ICAP.


Quote from: mimugmail on December 20, 2021, 06:22:32 AM
Because you have too little RAM? ClamAV needs 2 GB alone.


Yes, it's out of memory!
I have enabled all IDS rules for the test.
Perhaps there is a recommendation for the minimum settings for the IDS rules?


Issue still persists; Suricata quits periodically overnight (even when there is nearly no traffic).