Loaded the nightly build of 130 and then managed to break IPS every time I restore a backup to the machine. Tried several rebuilds, off line or online loading but restoring backup from version 129 results in the IPS service no longer running. Tried a number of things, rebooting, stop/start IPS with no luck.
Backup up contains:
-Geoip groups
-Geoip Blocking
-Snort oinkcode but IDS is not enabled.
-Web Proxy disabled
-18 firewall rules several using Geoip groups.
Thanks and Regards
Wayne
Hello Wayne,
Thank you very much for your feedback!
I am very excited to have the new IPS released, but it looks like there are a couple of bumps in the road that we have to sort out.
Could you please open a bug report for me for this? I will assign this to Stefan so that he can have a look.
When a backup is being restored, there is a script called “convert-snort” that is being run. Could you run that manually and see if that reports any errors? I guess that the problem is there…
Best, -Michael
On 1 Apr 2019, at 05:15, Mentalic mentalic@cox.net wrote:
Loaded the nightly build of 130 and then managed to break IPS every time I restore a backup to the machine. Tried several rebuilds, off line or online loading but restoring backup from version 129 results in the IPS service no longer running. Tried a number of things, rebooting, stop/start IPS with no luck.
Backup up contains: -Geoip groups -Geoip Blocking -Snort oinkcode but IDS is not enabled. -Web Proxy disabled -18 firewall rules several using Geoip groups.
Thanks and Regards Wayne
Hello Michael
Created a bug report on this issue.
Ran the convert-snort script which reports: /var/ipfire/snort/settings not found - Nothing to do. Exiting!
Regards Wayne
-----Original Message----- From: Michael Tremer [mailto:michael.tremer@ipfire.org] Sent: Monday, April 01, 2019 4:49 AM To: Mentalic Cc: IPFire: Development-List; Stefan Schantl Subject: Re: Suricata core130
Hello Wayne,
Thank you very much for your feedback!
I am very excited to have the new IPS released, but it looks like there are a couple of bumps in the road that we have to sort out.
Could you please open a bug report for me for this? I will assign this to Stefan so that he can have a look.
When a backup is being restored, there is a script called “convert-snort” that is being run. Could you run that manually and see if that reports any errors? I guess that the problem is there…
Best, -Michael
On 1 Apr 2019, at 05:15, Mentalic mentalic@cox.net wrote:
Loaded the nightly build of 130 and then managed to break IPS every time I restore a backup to the machine. Tried several rebuilds, off line or online loading but restoring backup from version 129 results in the IPS service no longer running. Tried a number of things, rebooting, stop/start IPS with no luck.
Backup up contains: -Geoip groups -Geoip Blocking -Snort oinkcode but IDS is not enabled. -Web Proxy disabled -18 firewall rules several using Geoip groups.
Thanks and Regards Wayne
-
Mentalic -
Michael Tremer