OPNsense 17.7.1_2-amd64, Suricata broken

Started by Free_Norway, September 09, 2017, 11:10:53 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 09, 2017, 11:10:53 AM
Hi all

First I want to thank the OPNsense Team for the excellent work they are doing, this is an amazing product.

I have a problem with suricata.
After some small changes in the configuration(don't really remember what I changed), suricata doesn't want to start.
I have tried disabling it and reboot, changing the settings back and forth, reinstall suricata....
but nothing helps.
When I try to start it from the GUI, the following lines appear in the log:
Sep 9 11:08:08 configd.py: [f7917fa0-b5e3-4953-8317-1094d29ece73] returned exit status 1
Sep 9 11:08:08 root: /usr/local/etc/rc.d/suricata: WARNING: failed to start suricata
Sep 9 11:08:08 configd.py: [f7917fa0-b5e3-4953-8317-1094d29ece73] start suricata daemon

Since I'm no expert, I really don't know what it means.

Help please! :)
September 09, 2017, 11:22:52 AM #1
This tells nothing useful. Can you try to run surricata from command line? Maybe it shows an error message.
September 09, 2017, 12:19:25 PM #2
Hi Fabian

Thanks for the reply.

I'am not shure this is the right command, but it produced the same output

#service suricata restart
suricata not running? (check /var/run/suricata.pid).
Starting suricata.
9/9/2017 -- 12:13:31 - <Info> - Including configuration file installed_rules.yaml.
/usr/local/etc/rc.d/suricata: WARNING: failed to start suricata

Are there other commands I can try?

Regards
Seb
September 09, 2017, 12:24:33 PM #3
In the IDS GUI the button "download & update rules" should fix this.

It's trying to load rules that are not installed.


Cheers,
Franco
September 09, 2017, 01:27:39 PM #4
Tried, but its still the same.

Is it possible to reset/delete things in the suricata folder to trigger the creation of new files?
September 09, 2017, 04:41:06 PM #5
Does this also happen when you uncheck all rulesets and apply?
September 09, 2017, 06:10:58 PM #6
Still the same result.

All i have tried doesnt help.
September 11, 2017, 01:30:35 AM #7
Since it's an VM, i did an new install to fix the problem.
I did encounter the same problem once more after an unclean shutdown.

Maybe that was the problem
September 13, 2017, 08:03:45 PM #8
I have exaclty the same problem, what shoud I do to solve it without reinstalling ?
September 13, 2017, 08:06:03 PM #9
Sep 13 20:04:58   configd.py: [bb017f81-26c1-45ae-8da5-5808c6bbb58b] returned exit status 1
Sep 13 20:04:58   root: /usr/local/etc/rc.d/suricata: WARNING: failed to start suricata
Sep 13 20:04:58   configd.py: [bb017f81-26c1-45ae-8da5-5808c6bbb58b] start suricata daemon
Sep 13 20:04:57   configd.py: [445854f1-64f9-4d4a-8b6d-cdec3b8d848f] request pfctl byte/packet counters
Sep 13 20:04:43   configd.py: [cf60e5e4-afcf-4ba0-b5dd-88b8d0f1b298] request installable rules
Sep 13 20:04:43   configd.py: [cabead5f-9c8e-494f-ad01-b6b0e14e56bd] request installable rules
Sep 13 20:04:41   configd.py: [374cd2e9-4508-4e01-87fb-5315de5f0683] get suricata daemon status
September 13, 2017, 09:00:59 PM #10
I had the problem after an unclean shutdown - the pid file didn't get deleted / or still was there and suricata refused to start .
After deleting the file  /var/run/suricata.pid it worked again
September 13, 2017, 09:27:06 PM #11
Thanks, after removing the file it works again  :)
September 13, 2017, 09:31:11 PM #12
glad to here it worked  ;)
September 13, 2017, 10:49:39 PM #13
Incidentally, 17.7.2 now clears all of /var/run on boot so this should never happen again. Sorry for the hiccup!


Cheers,
Franco
Print
Go Up Pages1
User actions