Topic: Suricata 7 (Read 2783 times)
yeraycito (Sr. Member, Posts: 288, Karma: 17)
Suricata 7 « on: August 01, 2023, 02:05:00 am »
After formatting my mini-pc with the OPNsense 23.7 Release Candidate, today I upgraded to the stable version. Once upgraded, I decided to try Suricata 7 and I had the same problems as mentioned here:
https://forum.opnsense.org/index.php?topic=34997.0
To solve these problems I added the command mentioned in that post to Suricata's custom.yaml file, and indeed the problems are solved. Suricata 7 brings a lot of changes, among them support for http2 and quic, but these don't appear in the suricata.yaml file, unlike the suricata.yaml file on GitHub. I don't know if I did it right, but to activate this support I added the following commands to the custom.yaml file:
stream.midstream-policy: ignore
http2:
  enabled: yes
quic:
  enabled: yes
This way Suricata 7 works great; in fact, it has much better performance compared to Suricata 6.x.x.
The problem comes when I restart OPNsense: the custom.yaml file appears blank, without the added modifications, and I have to put them back by accessing OPNsense via ssh. That is, the custom.yaml file does not survive OPNsense restarts.
The custom.yaml file is located in the path /usr/local/etc/suricata.
I don't know if there is another custom.yaml file elsewhere that survives OPNsense restarts.

Koldnitz (Jr. Member, Posts: 84, Karma: 13)
Re: Suricata 7 « Reply #1 on: August 01, 2023, 03:30:43 am »
I believe you are going to have to use templates to achieve this.
https://docs.opnsense.org/development/backend/templates.html
The only time I have done this was with unbound ... when they took away the custom box.
https://docs.opnsense.org/manual/unbound.html
... Scroll down to advanced configurations.
I think this is how you set it up so your custom additions (outside the UI) survive reboots.
Cheers,
« Last Edit: August 01, 2023, 04:46:41 am by Koldnitz »

XeroX (Full Member, Posts: 114, Karma: 7)
Re: Suricata 7 « Reply #2 on: August 01, 2023, 04:09:39 pm »
Edit custom.yaml here, it's persistent:
/usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml
I haven't found the code where I could add it to the UI as a text field yet.
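
To see which hand-edited overrides would vanish at the next restart, the live custom.yaml can be compared with the template path given in reply #2. This is an added example, not code from the thread or from OPNsense: the function names are hypothetical, the sample files are constructed, and the flattener assumes plain nested mappings without lists.

```shell
#!/bin/sh
# Added example: function names are hypothetical; both paths are quoted from the thread.
LIVE=/usr/local/etc/suricata/custom.yaml
TEMPLATE=/usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml

# Flatten block-style YAML mappings (no lists, no multi-line scalars) into sorted
# "dotted.key=value" lines, so nested keys such as http2.enabled compare correctly.
flatten_yaml() {
    [ -f "$1" ] || return 0        # a missing file contributes no settings
    awk '
    /^[ \t]*(#|$)/ || /^(%YAML|---)/ { next }   # comments, blanks, YAML header
    {
        body = $0; sub(/^ +/, "", body)
        indent = length($0) - length(body)      # leading spaces = nesting level
        sep = index(body, ":"); if (sep == 0) next
        key = substr(body, 1, sep - 1)
        val = substr(body, sep + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        while (depth > 0 && ind[depth] >= indent) depth--   # leave deeper blocks
        path = ""
        for (i = 1; i <= depth; i++) path = path keys[i] "."
        if (val == "") { depth++; ind[depth] = indent; keys[depth] = key }
        else print path key "=" val
    }' "$1" | LC_ALL=C sort
}

# Print every setting that is in the live file but not (with the same value)
# in the template, i.e. what would disappear when the live file is regenerated.
lost_on_restart() {
    a=$(mktemp) && b=$(mktemp) || return 1
    flatten_yaml "${1:-$LIVE}" > "$a"; flatten_yaml "${2:-$TEMPLATE}" > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample: the overrides from the first post, hand-edited into the
# live file, compared with a template that carries only the midstream line.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'stream.midstream-policy: ignore' 'http2:' '  enabled: yes' \
        'quic:' '  enabled: yes' > "$d/live.yaml"
    printf '%s\n' '# template copy' 'stream.midstream-policy: ignore' > "$d/template.yaml"
    lost_on_restart "$d/live.yaml" "$d/template.yaml"
    rm -rf "$d"
}
demo
```

On the firewall, calling `lost_on_restart` with no arguments compares the two paths from the thread; empty output means every live override is also in the template.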