Suricata shows a warning on boot #1233
Comments
|
What should we do here? Mute the output and potentially remove useful hints as to why Suricata may not work as expected? |
|
I would prefer if It would be changed like described in the warning as it says it is faster and always the fastest option should be used if it does not break anything else ;) |
|
It complains about not having selected IPS mode, which is a valid configuration option... |
|
Maybe suricata wants to use netmap regardless of running IPS or not. Maybe there is something in the configuration where IPS can be disabled while using netmap. |
|
PCAP mode is sane and safe. Netmap requires newer hardware. I don't see how we should switch because there is a warning in Suricata. If anything it would help to report this to Suricata as a bug. We set suricata.yaml correctly and still have this warning ;) |
|
I think the warning is not referencing the yaml file but directly the command line. I also noticed I have this warning, and the current command line of my suricata (running in IDS, not IPS) is:
It seems to be complaining that we didn't explicitely told it to use netmap or pcap, and warns us. |
|
@speed47 the launcher script is from FreeBSD ports so ideally this needs to be fixed in coordination with them |
|
Actually, I think this patch might do the trick coupled with using "$suricata_pcap" |
|
Indeed, it should do the trick. I'll test by patching my rc with their diff and report if it works. |
|
I can confirm it works by applying their patch (https://bugs.freebsd.org/bugzilla/attachment.cgi?id=174112&action=diff). |
|
Thanks for testing 👍 I've prodded the bug report, maybe it can be included in FreeBSD soon. 😊 |
|
still delayed in FreeBSD... |
|
The suricata rc script is so royally inflexible that it's simply not possible to fix this warning from our end. |
The text was updated successfully, but these errors were encountered: