Topic: OPNsense 17.7.1_2-amd64, Suricata broken (Read 8425 times)

Free_Norway (Newbie), September 09, 2017, 11:10:53 am:
Hi all
First I want to thank the OPNsense Team for the excellent work they are doing, this is an amazing product.
I have a problem with suricata.
After some small changes in the configuration (don't really remember what I changed), suricata doesn't want to start.
I have tried disabling it and reboot, changing the settings back and forth, reinstall suricata....
but nothing helps.
When I try to start it from the GUI, the following lines appear in the log:
Sep 9 11:08:08 configd.py: [f7917fa0-b5e3-4953-8317-1094d29ece73] returned exit status 1
Sep 9 11:08:08 root: /usr/local/etc/rc.d/suricata: WARNING: failed to start suricata
Sep 9 11:08:08 configd.py: [f7917fa0-b5e3-4953-8317-1094d29ece73] start suricata daemon
Since I'm no expert, I really don't know what it means.
Help please!

fabian (Hero Member; OPNsense Contributor: Language, VPN, Proxy, etc.), Reply #1 on September 09, 2017, 11:22:52 am:
This tells nothing useful. Can you try to run suricata from the command line? Maybe it shows an error message.

Free_Norway (Newbie), Reply #2 on September 09, 2017, 12:19:25 pm:
Hi Fabian
Thanks for the reply.
I'm not sure this is the right command, but it produced the same output:
#service suricata restart
suricata not running? (check /var/run/suricata.pid).
Starting suricata.
9/9/2017 -- 12:13:31 - <Info> - Including configuration file installed_rules.yaml.
/usr/local/etc/rc.d/suricata: WARNING: failed to start suricata
Are there other commands I can try?
Regards
Seb

franco (Administrator, Hero Member), Reply #3 on September 09, 2017, 12:24:33 pm:
In the IDS GUI the button "download & update rules" should fix this.
It's trying to load rules that are not installed.
Cheers,
Franco

Free_Norway (Newbie), Reply #4 on September 09, 2017, 01:27:39 pm:
Tried, but it's still the same.
Is it possible to reset/delete things in the suricata folder to trigger the creation of new files?

franco (Administrator, Hero Member), Reply #5 on September 09, 2017, 04:41:06 pm:
Does this also happen when you uncheck all rulesets and apply?

Free_Norway (Newbie), Reply #6 on September 09, 2017, 06:10:58 pm:
Still the same result.
All I have tried doesn't help.

Free_Norway (Newbie), Reply #7 on September 11, 2017, 01:30:35 am:
Since it's a VM, I did a new install to fix the problem.
I did encounter the same problem once more after an unclean shutdown.
Maybe that was the problem.

jromang (Newbie), Reply #8 on September 13, 2017, 08:03:45 pm:
I have exactly the same problem, what should I do to solve it without reinstalling?

jromang (Newbie), Reply #9 on September 13, 2017, 08:06:03 pm:
Sep 13 20:04:58 configd.py: [bb017f81-26c1-45ae-8da5-5808c6bbb58b] returned exit status 1
Sep 13 20:04:58 root: /usr/local/etc/rc.d/suricata: WARNING: failed to start suricata
Sep 13 20:04:58 configd.py: [bb017f81-26c1-45ae-8da5-5808c6bbb58b] start suricata daemon
Sep 13 20:04:57 configd.py: [445854f1-64f9-4d4a-8b6d-cdec3b8d848f] request pfctl byte/packet counters
Sep 13 20:04:43 configd.py: [cf60e5e4-afcf-4ba0-b5dd-88b8d0f1b298] request installable rules
Sep 13 20:04:43 configd.py: [cabead5f-9c8e-494f-ad01-b6b0e14e56bd] request installable rules
Sep 13 20:04:41 configd.py: [374cd2e9-4508-4e01-87fb-5315de5f0683] get suricata daemon status

Stephan (Jr. Member), Reply #10 on September 13, 2017, 09:00:59 pm:
I had the problem after an unclean shutdown - the pid file didn't get deleted / or still was there and suricata refused to start.
After deleting the file /var/run/suricata.pid it worked again.
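
The fix described in the reply above (deleting /var/run/suricata.pid after an unclean shutdown), as an added shell example that is not part of the original thread: it removes the pid file only when it no longer points at a running process, so a healthy daemon is never orphaned. The function names and the optional process-name argument are assumptions; only the pid file path comes from the thread.

```shell
#!/bin/sh
# Added example: classify a daemon pid file and remove it only when stale.
# The default path is the one named in the thread; function names are hypothetical.
PIDFILE="${PIDFILE:-/var/run/suricata.pid}"

# Prints one of: missing | invalid | stale | live
# $1 = pid file, $2 = optional expected command name (e.g. suricata)
pidfile_state() {
    file="$1"; want="${2:-}"
    [ -e "$file" ] || { echo missing; return 0; }
    pid=$(head -n 1 "$file" 2>/dev/null | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    # kill -0 sends no signal; it only tests whether the PID exists.
    # Run as root, otherwise a foreign process looks like "no such PID".
    if ! kill -0 "$pid" 2>/dev/null; then
        echo stale; return 0
    fi
    # After a reboot the recorded PID may belong to an unrelated process,
    # so optionally compare the command name as well.
    if [ -n "$want" ]; then
        name=$(ps -p "$pid" -o comm= 2>/dev/null | tr -d '[:space:]')
        [ "$name" = "$want" ] || { echo stale; return 0; }
    fi
    echo live
}

# Removes the file unless it points at a running daemon.
# Returns 0 if a start can proceed, 1 if the daemon is already running.
clear_stale_pidfile() {
    case "$(pidfile_state "$1" "${2:-}")" in
        live)    return 1 ;;
        missing) return 0 ;;
        *)       rm -f -- "$1" ;;
    esac
}

# Usage on the firewall (as root), before starting the service:
#   clear_stale_pidfile "$PIDFILE" suricata && service suricata start
```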

jromang (Newbie), Reply #11 on September 13, 2017, 09:27:06 pm:
Thanks, after removing the file it works again.

Stephan (Jr. Member), Reply #12 on September 13, 2017, 09:31:11 pm:
Glad to hear it worked.

franco (Administrator, Hero Member), Reply #13 on September 13, 2017, 10:49:39 pm:
Incidentally, 17.7.2 now clears all of /var/run on boot so this should never happen again. Sorry for the hiccup!
Cheers,
Franco