suricata flooding logs - pppoe

Started by K2Van, October 19, 2023, 02:10:50 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 19, 2023, 02:10:50 AM
My logs get flooded with following message:

<171>1 2023-10-18T20:43:20+02:00 OPNsense.home.arpa suricata 70341 - [meta sequenceId="34716810"] [101173] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe1': (55u) No buffer space available

Google search delivers some results that OPNsense or actually freeBSD cannot cope with the pppoe interface of my provider (Dutch KPN). So I switched the interface from WAN to LAN but still the same messages. Switching off IPS also continues to give the same messages (in both cases the messages are still about the pppoe interface). The message above is actually with Suricata set to look at the LAN interface with IPS off.

Even when I untick enabled (in the Services - Intrusion detection - Administration menu) Suricata continues to produce these messages. Hence I think the settings are not actually being picked up. I also cannot disable the service from the dashboard.
Print
Go Up Pages1
User actions