Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata error - no logging
« previous
next »
Print
Pages: [
1
]
2
Author
Topic: Suricata error - no logging (Read 10335 times)
im_etten
Newbie
Posts: 2
Karma: 0
Suricata error - no logging
«
on:
March 19, 2018, 08:35:17 pm »
I have a new setup and I logged on to the firewall device to check some items. I noticed that there was an error for the suricata.
SC_ERR_MISSING_CONFIG_PARM(118)
No logging compatible with dameon mode selected, suricata won't be able to log. Please update 'logging.outputs' in the YAML.
Suricata version 4.0.4 release.
Can someone let me know if this is something I need to fix and how?
Logged
myksto
Full Member
Posts: 106
Karma: 6
Re: Suricata error - no logging
«
Reply #1 on:
March 26, 2018, 04:18:35 pm »
I'm having the same error even though everything seems to be fine.
In OpNSense -> Services -> Intrusion Detection -> Administration -> Alerts I have some data, that's why I guess everything is ok.
The log file is empty (this might be strange I guess).
Everytime the firewall is rebooted I see the error posted by im_etten.
Should we edit some config file in Suricata dir o we can just ignore the message on console?
Thanks, Michele.
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: Suricata error - no logging
«
Reply #2 on:
March 26, 2018, 07:37:31 pm »
Turn on logging in IDS and it will go away. When logging is not enabled, Suricata cannot find a logging method and this produces the error. It can be ignored.
Logged
myksto
Full Member
Posts: 106
Karma: 6
Re: Suricata error - no logging
«
Reply #3 on:
March 26, 2018, 07:46:02 pm »
Thanks for reply.
Where can we turn logging on on IDS?
To tell the truth I can't find any flag to turn logging on or off.
Thanks, Michele.
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: Suricata error - no logging
«
Reply #4 on:
March 27, 2018, 10:12:22 am »
It's "Enable syslog". We've discussed enabling this by default soon as it makes no sense offer it optionally anymore.
Cheers,
Franco
Logged
myksto
Full Member
Posts: 106
Karma: 6
Re: Suricata error - no logging
«
Reply #5 on:
March 27, 2018, 03:28:31 pm »
Ok, thanks. Error messages are not there anymore. Suricata log file is populeted.
Anyway now I have thesse messages on console:
471.089924 [ 254] generic_find_num_desc called, in tx 1024 rx 1024
471.096416 [ 262] generic_find_num_queues called, in txq 0 rxq 0
471.102544 [ 760] generic_netmap_dtor Restored native NA 0
471.117203 [ 254] generic_find_num_desc called, in tx 1024 rx 1024
471.123579 [ 262] generic_find_num_queues called, in txq 0 rxq 0
471.129740 [ 760] generic_netmap_dtor Restored native NA 0
471.158682 [ 254] generic_find_num_desc called, in tx 1024 rx 1024
471.187915 [ 262] generic_find_num_queues called, in txq 0 rxq 0
And I really don't know what they stands for: any suggestion? Can I ignore them?
Thanks again, Michele.
«
Last Edit: March 27, 2018, 03:43:50 pm by myksto
»
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: Suricata error - no logging
«
Reply #6 on:
March 27, 2018, 05:40:17 pm »
What NIC adapter are you using? Looks like you have one that defaults to the software netmap.
Best to turn off IPS if you don't have a netmap compatible NIC.
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: Suricata error - no logging
«
Reply #7 on:
March 27, 2018, 05:40:51 pm »
Hi Michele,
These are Netmap emulation (IPS mode) diagnostics messages and can be safely ignored.
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: Suricata error - no logging
«
Reply #8 on:
March 27, 2018, 05:41:34 pm »
@dcol I think emulation mode is safe to run
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: Suricata error - no logging
«
Reply #9 on:
March 27, 2018, 06:36:14 pm »
Yes, emulation mode is safe. But optimal performance, however, is only obtained with netmap-enabled NIC drivers
Logged
myksto
Full Member
Posts: 106
Karma: 6
Re: Suricata error - no logging
«
Reply #10 on:
March 27, 2018, 07:42:00 pm »
@dcol
WAN NIC (the one where suricata works on) is a "Broadcom BCM5721" and OPNSense recognizes it as is BGE0.
Is that an netmap compatible NIC?
If it was not, I could swith to another NIC such as Intel Pro (Chipset 82571GB).
How can I know whether they're compatible or not?
Thanks, Michele.
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: Suricata error - no logging
«
Reply #11 on:
March 27, 2018, 09:54:41 pm »
Your Intel NIC would be netmap compatible using the em driver.
Netmap supports ixgbe, em, lem, re, igb drivers in FreeBSD
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: Suricata error - no logging
«
Reply #12 on:
March 29, 2018, 07:54:43 am »
cxgbe, ixl and vtnet seems to be supported natively nowadays also.
Logged
myksto
Full Member
Posts: 106
Karma: 6
Re: Suricata error - no logging
«
Reply #13 on:
March 29, 2018, 09:36:21 am »
Thanks to dcol and franco.
I switched my WAN from Broadcom to Intel NIC and messages on console disappeared.
To tell the truth I don't know what "IPS emulation mode" is and why those messages appear on console but now that I know that my Intel NIC is netmap supported, I'm more happy.
Thanks a lot and cheers, Michele.
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: Suricata error - no logging
«
Reply #14 on:
March 29, 2018, 04:33:09 pm »
To put it simply, IPS emulation mode means that netmap is managed by software. It deals with how the network stack is handled. Best way to explain it without all the technical jargon.
Logged
Print
Pages: [
1
]
2
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata error - no logging