Topic: Intrusion Detection (Read 1928 times)
raid3868 (Newbie, Posts: 11, Karma: 0)
Intrusion Detection « on: December 15, 2021, 10:07:16 am »
Dear experts,
I have enabled the IDS/IPS. When I ssh to my OPNsense and run top, it shows WCPU always consuming 14%-15%, without any traffic. Is this normal when IDS/IPS is enabled?
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
63648 root 7 20 0 672M 311M nanslp 2 1:48 14.21% suricata
HOST DELL 740xd 20 CPUs x Intel(R) Xeon(R) Silver 4210 CPU @ 2.20GHz RAM 128 GB
OPNsense is a VM guest with 8 vCPUs and 16 GB RAM
network interface
10GB - internal with 2 vlan
1GB - external (WAN)
OPNsense 21.7.6-amd64
FreeBSD 12.1-RELEASE-p21-HBSD
OpenSSL 1.1.1l 24 Aug 2021
ids/ips configuration
------------------------
IPS mode=enable
Promiscuous mode=enable
Pattern matcher=Hyperscan
Interfaces=LAN
Rulesets=ET telemetry
Policies= All ET telemetry rulesets = alert and drop
Log file shows:
2021-12-15T16:45:43 suricata[63648] [100369] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
Tks
raid3868 (Newbie, Posts: 11, Karma: 0)
Re: Intrusion Detection « Reply #1 on: December 16, 2021, 07:03:54 am »
Hi,
Today I did a clean install.
The install ISO was downloaded from the OPNsense site: OPNsense-21.7.1-OpenSSL-dvd-amd64.iso.
After configuring everything necessary, I configured Intrusion Detection, downloaded all policies and configured them as before, started IDS, and checked with the top command at the console.
suricata WCPU = 0.13%-0.17% (something around this). This CPU usage looks OK.
Then I updated to the latest OPNsense 21.7.7-amd64 and rebooted.
Checked with the top command at the console:
suricata WCPU = 13%-15%. I think something is wrong with the latest update.
Anyone with this issue?
Please help, I am trying to put this into production to replace the current Cyberoam.
tks
raid3868 (Newbie, Posts: 11, Karma: 0)
Re: Intrusion Detection « Reply #2 on: December 16, 2021, 09:52:38 am »
Hi,
I tried to revert to 21.7.3; the problem is still the same.
Using this command: opnsense-revert -r 21.7.3 opnsense
suricata WCPU = 13%-15%
No luck. Does someone know what is happening? Or is it like this when IDS/IPS is enabled?
Does anyone know if the business edition has this issue?
Does anyone know how to restore without restoring the IDS/IPS configuration? I would like to do a factory reset but do not want to restore the IDS/IPS configuration.
Tks
« Last Edit: December 16, 2021, 10:18:36 am by raid3868 »
raid3868 (Newbie, Posts: 11, Karma: 0)
Re: Intrusion Detection « Reply #3 on: December 17, 2021, 05:14:20 am »
I found the issue. I fixed it; I don't know if it is the right way, but suricata WCPU at idle is 1.3%-1.5%.