Hello Wayne,
thanks for the additional feedback, I answered the first part in the previous mail.
Reinstalled, IPS ran until I poked a few rule sets active, then it blocked all red regardless of whether I unchecked the rules. Un-checking the IPS boxes was no good, had to reboot. IPS service listings under Status>services never go green.
Of course, this is a bug, because the CGI script needs to be adjusted too, to work with suricata instead of snort. Thanks for reporting it.
Best regards,
-Stefan
Regards Wayne
-----Original Message-----
From: Mentalic [mailto:mentalic@cox.net]
Sent: Thursday, February 14, 2019 5:37 PM
To: 'Stefan Schantl'; 'development@lists.ipfire.org'
Subject: RE: IPFire meets Suricata - Call for tester
Used the download image link and loaded on my test box, noticed a few issues with it.
- When Intrusion monitoring is enabled on red interface all traffic to red stops with empty IDS log.
- Intrusion detection seems to be limited to one rules list source at a time. Maybe feature of Suricata?
- Under "status" tab, any graphic trend display fails to load with "contains errors"
Regards Wayne
-----Original Message-----
From: Development [mailto:development-bounces@lists.ipfire.org] On Behalf Of Stefan Schantl
Sent: Thursday, February 14, 2019 8:29 AM
To: development@lists.ipfire.org
Subject: Re: IPFire meets Suricata - Call for tester
Hello list,
suricata development goes on, so I'm happy to announce the first release candidate on this list.
The biggest difference from any previous versions is that this time an update tarball for any IPFire installation is available. So anybody can now easily download and install it on an existing system without doing a fresh installation.
The tarball (currently only x86_64) can be grabbed from here:
https://people.ipfire.org/~stevee/suricata/
To start testing, download the tarball and place it on your IPFire system. Extract the tarball and launch the install (install.sh) script.
During installation snort will be stopped (if running), new files will be placed on the system, the snort settings you have made will be converted for use by suricata, and finally suricata will be started (if snort was used before) to start protecting the configured networks.
If you prefer a fresh installation, the latest image can be grabbed from here:
https://nightly.ipfire.org/next-suricata/latest/x86_64/
Direct link for downloading the ISO image:
https://nightly.ipfire.org/next-suricata/latest/x86_64/ipfire-2.21.x86_64-fu...
Thanks for downloading and testing. There are no known bugs so far. As usual, please file any bugs to our bugtracker (https://bugzilla.ipfire.org) and share your feedback on the list.
Best regards,
-Stefan