[CALL FOR TESTING] Suricata version 8

Started by franco, October 09, 2025, 10:49:59 AM

October 14, 2025, 09:46:30 AM #15 Last Edit: Today at 12:30:34 AM by jonny5
Installed 8.0.1 - works in IDS (OPNsense 25.7.5-amd64 - we do not IPS)

Use the logging and have modded things to use 'suricata-update' instead of the Policy rule management OPNsense feature.

All of which still works great! Seems there were minimal 'suricata.yaml' file modifications too; will follow up here after combing through the latest published Suricata config file example.

It should be mentioned (and this might be more in plugin or core - looking for help/direction):
It has been difficult to keep a 'custom.yaml' file, which can allow us to customize the Suricata config even more.
We significantly use this, and as we've disabled the OPNsense IDS update cron task, our 'custom.yaml' file at /usr/local/etc/suricata/ does not get replaced anymore. It would be neat to, either now or in the future, see about having a way to have a heavily customized 'custom.yaml' for Suricata that stays around natively (currently, if we modify the template, it breaks on copy/import).

Extra - the suricata-update thing:
https://www.nova-labs.net/using-suricata-update-on-opnsense/
Custom: ASRock 970 Extreme3 R2.0 / AMD FX-8320E / 32 GB DDR3 1866 / X520 & I350 / 500GB SATA