Topic: Suricata - only latest alerts are shown (Read 1803 times)
Georg
Newbie
Posts: 5
Karma: 1
Suricata - only latest alerts are shown
on: July 05, 2021, 08:51:28 pm
Hello everyone, I need your help, maybe some of you know a solution. Thank you in advance.
# STORY
I've been running Suricata for 2 years now. 2 days ago I had to reload some rules because I had some rules only on "alert" and not on "drop". And some of them I was not able to switch from alert to drop.
# WHAT I DID
Disabled Intrusion detection.
Restart.
Disabled all Sources in 'Download'.
Uninstalled 'os-intrusion-detection-content-et-open 1.0.1'.
Restart.
Installed 'os-intrusion-detection-content-et-open 1.0.1'.
Enabled all Sources in 'Download' and waited.
Enabled all rules which are not on drop by default via 'imported legacy import filter'.
--> Yes, Intrusion Detection is working, I've tested it. But...
# PROBLEM NOW
I get some alerts on the 'Alerts' tab, but only 7 of them. I can't switch to page 2, because then "No results found!". I can't search either, nor increase the number of shown alerts, nor refresh. The log time shows only the time when the last alert was found.
This is pretty problematic, because then I can't find rules which may have blocked legit traffic. I added a screenshot.
# SYSTEM
OPNsense 21.1.7_1
# PLUGINS
os-etpro-telemetry 1.4_2
os-intrusion-detection-content-et-open 1.0.1
# BACKEND LOG
--> nothing really useful
2021-07-05T20:42:25 configd.py[68884] [916c3623-265e-40cd-aed6-2eb1c0cc4c87] Show log
2021-07-05T20:42:24 configd.py[68884] [7f849c6c-f86d-4171-bc2e-8630f72c35f0] Show log
2021-07-05T20:42:22 configd.py[68884] [d928641c-d3c9-48a5-abe4-055de86a1d84] Show log
2021-07-05T20:42:11 configd.py[68884] [fdaa5973-60df-46cf-8fec-b49f4f8e7c5e] get suricata daemon status
2021-07-05T20:42:11 configd.py[68884] [50eeac4f-2a04-48bf-b674-fd4c32bacd37] request suricata rule metadata
2021-07-05T20:42:11 configd.py[68884] [8ce79beb-1882-4c41-bf18-9bca9e60c698] Show log
Any ideas why the alert log is missing or only showing the first page and forgetting all other alerts? Did I miss something?
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: Suricata - only latest alerts are shown
Reply #1 on: July 06, 2021, 07:29:56 am
See
https://github.com/opnsense/core/commit/85dd2fcaa5f
Fix via:
# opnsense-patch 85dd2fcaa5f
(Will be fixed in 21.1.8 tomorrow.)
Cheers,
Franco
Georg
Newbie
Posts: 5
Karma: 1
Re: Suricata - only latest alerts are shown
Reply #2 on: July 06, 2021, 10:08:07 am
That's good news, I was afraid that I shot my config, phew.
Next time I will check GitHub first, thanks : )