IDS Alerts can't count?

Started by RadOD, July 08, 2021, 04:58:01 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 08, 2021, 04:58:01 PM
Is there a reason my alerts always default to 7? 

And I don't even know where to start here:


15 to 21 of 89 of nothing?
July 08, 2021, 08:07:05 PM #1
Maybe start with the version you are currently running.


Cheers,
Franco
July 09, 2021, 12:47:18 AM #2 Last Edit: July 09, 2021, 12:57:50 AM by RadOD
Versions:

Versions   OPNsense 21.1.8_1-amd64
FreeBSD 12.1-RELEASE-p19-HBSD
OpenSSL 1.1.1k 25 Mar 2021

Here is default view of alerts:

2015 hyundai azera 0 60

But if you increase the view to 100:

flag for zimbabwe emoticons
which is a few more than7!
July 13, 2021, 01:18:47 AM #3
Does it work like this for everyone?  It defaults to 7 and miscounts the pages on two different CPU's and does so on a fresh install.  It seems to work at blocking what its supposed to, so I can't complain really.  But odd...
July 13, 2021, 08:53:53 AM #4
I'm working on this, but on the dev track suricata version 6 has some issues that will get it stuck so I have to switch the testing machine... please sit tight :)


Cheers,
Franco
July 13, 2021, 09:41:16 PM #5 Last Edit: July 13, 2021, 09:47:16 PM by Fright
seems its in
https://github.com/opnsense/core/blob/376ee793c9a557f51baa95fb8af574c8209faeda/src/opnsense/scripts/suricata/queryAlertLog.py#L122
I'm not sure how it will affect performance if this is removed. 2500 lines works fine
February 27, 2022, 08:09:26 PM #6
This is still an issue with OPNsense 22.1.1_3-amd64.

Is there any plan to solve this ?

Regards, Urmel
Print
Go Up Pages1
User actions