netflow traffic graphing not working

[TomK]

Since I enabled ids/ips the traffic on the interfaces chosen is no longer graphing on the netflow traffic graph.

Any way to have both ids/ips and graphing?

OPNsense 20.7.2
Suricata 5.0.3 running in system mode

[Wyka]

OPNsense Java jar file domyhomeworkonline.net

Hello,

Have you tried to configure Suricata for both IPS and IDS on different set of network ports?
Here's the topic on the suricata forum:


https://forum.suricata.io/t/suricata-configuration-for-ips-and-ids-mode/173

[Wyka]

Btw, I also used Bro (Zeek) and then Snort a couple of months ago.
I upgraded Suricata to 20.7 and received an error message: Error re configuring the IDS : Error (99) It was related to the Netmap issues, as it turned out.

[mimugmail]

Since I enabled ids/ips the traffic on the interfaces chosen is no longer graphing on the netflow traffic graph.

Any way to have both ids/ips and graphing?

OPNsense 20.7.2
Suricata 5.0.3 running in system mode

Known issue since 20.7, it only works on interfaces without netmap (Sensei, Suricata)

[axel2078]

Since I enabled ids/ips the traffic on the interfaces chosen is no longer graphing on the netflow traffic graph.

Any way to have both ids/ips and graphing?

OPNsense 20.7.2
Suricata 5.0.3 running in system mode

Known issue since 20.7, it only works on interfaces without netmap (Sensei, Suricata)

Is this a bug in OPNsense, or somewhere else?  Is it something that can be fixed?

[mimugmail]

It's not a bug, it's a known issue.

[xalib]

It's not a bug, it's a known issue.

Does this mean it will get fixed in the future?

Is there a workaround?

[mimugmail]

Workaround is to disable IPS/Sensei on the interface where you want to catch graphs, like switching from WAN to LAN.

There may be a fix out one day, but noone is working on it at high pressure

[Matriciel]

shame ... it is a problem form me ....