From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mentalic To: development@lists.ipfire.org Subject: RE: Suricata core130 Date: Mon, 01 Apr 2019 08:43:55 -0500 Message-ID: <000b01d4e890$f3682390$da386ab0$@net> In-Reply-To: <6A916025-05B5-4345-A5E4-67CAD72AA032@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1269426302682044419==" List-Id: --===============1269426302682044419== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Michael Created a bug report on this issue. Ran the convert-snort script which reports:=20 /var/ipfire/snort/settings not found - Nothing to do. Exiting! Regards Wayne -----Original Message----- From: Michael Tremer [mailto:michael.tremer(a)ipfire.org]=20 Sent: Monday, April 01, 2019 4:49 AM To: Mentalic Cc: IPFire: Development-List; Stefan Schantl Subject: Re: Suricata core130 Hello Wayne, Thank you very much for your feedback! I am very excited to have the new IPS released, but it looks like there are a= couple of bumps in the road that we have to sort out. Could you please open a bug report for me for this? I will assign this to Ste= fan so that he can have a look. When a backup is being restored, there is a script called =E2=80=9Cconvert-sn= ort=E2=80=9D that is being run. Could you run that manually and see if that r= eports any errors? I guess that the problem is there=E2=80=A6 Best, -Michael > On 1 Apr 2019, at 05:15, Mentalic wrote: >=20 > Loaded the nightly build of 130 and then managed to break IPS every time I = restore a backup to the machine. Tried several rebuilds, off line or online l= oading but restoring backup from version 129 results in the IPS service no lo= nger running. Tried a number of things, rebooting, stop/start IPS with no luc= k. =20 > =20 > Backup up contains: > -Geoip groups > -Geoip Blocking > -Snort oinkcode but IDS is not enabled. > -Web Proxy disabled > -18 firewall rules several using Geoip groups. > =20 > Thanks and Regards > Wayne --===============1269426302682044419==--