View Poll Results: Does your IPS crash on its own in 14.1.2?

Voters
8. You may not vote on this poll
  • Yes, my suricata IPS in 14.1.2 crashes on its own periodically.

    2 25.00%
  • No, IPS never crashes nor just turns off by itself.

    5 62.50%
  • I am too lazy to check the Intrusion Prevention status page on a regular basis.

    1 12.50%
Results 1 to 4 of 4
  1. #1
    Newbie
    Join Date
    Oct 2014
    Location
    Omaha, NE
    Posts
    6

    Exclamation "Intrusion Prevention is enabled but is not active." IPS crashes

    IPS is crashing or stopping on its own. The Intrusion Prevention Status tab says "Intrusion Prevention is enabled but is not active" near the power button. I have turned it back on a few times, but pretty certain I will find it has turned itself off again in the next few hours to days. Anyone else having this problem? I am wondering if it occurs when it downloads a new set of rules and then can not load them properly. Or is it most likely that i have fubarred the rules, signatures, and variables so much, i simply need to start over. This is enirely possible. It used to stay up and running, maybe with the previous version.
    Last edited by pctechs; 05-01-2019 at 07:59 PM.

  2. #2
    Newbie
    Join Date
    Oct 2014
    Location
    Omaha, NE
    Posts
    6

    Question The variable list of IP addresses is causing problems again.

    Code:
    May  1 21:50:22 gateway135 suricata: [41099] <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /etc/suricata/suricata.yaml for errors
    May  1 21:50:22 gateway135 suricata: [41099] <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var "MyPassList" with value "'[161.133.188.55/32,80.154.126.37/32]'". Please check it's syntax
    May  1 21:50:22 gateway135 suricata: [41099] <Error> -- [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address "'"
    May  1 21:50:22 gateway135 suricata[41099]: 1/5/2019 -- 21:50:22 - <Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /etc/suricata/suricata.yaml for errors
    May  1 21:50:22 gateway135 suricata[41099]: 1/5/2019 -- 21:50:22 - <Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var "MyPassList" with value "'[161.133.188.55/32,80.154.126.37/32]'". Please check it's syntax
    May  1 21:50:22 gateway135 suricata[41099]: 1/5/2019 -- 21:50:22 - <Error> - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address "'"
    May  1 21:50:22 gateway135 suricata: [41099] <Notice> -- This is Suricata version 3.2.1 RELEASE
    May  1 21:50:22 gateway135 suricata[41099]: 1/5/2019 -- 21:50:22 - <Notice> - This is Suricata version 3.2.1 RELEASE
    May  1 21:50:22 gateway135 suricata[41099]: Initialization syslog logging with format "[%i] <%d> -- ".
    May  1 21:50:21 gateway135 suricata: [41097] <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /etc/suricata/suricata.yaml for errors
    May  1 21:50:21 gateway135 suricata: [41097] <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var "MyPassList" with value "'[161.133.188.55/32,80.154.126.37/32]'". Please check it's syntax
    May  1 21:50:21 gateway135 suricata: [41097] <Error> -- [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address "'"
    May  1 21:50:21 gateway135 suricata[41097]: 1/5/2019 -- 21:50:21 - <Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /etc/suricata/suricata.yaml for errors
    May  1 21:50:21 gateway135 suricata[41097]: 1/5/2019 -- 21:50:21 - <Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var "MyPassList" with value "'[161.133.188.55/32,80.154.126.37/32]'". Please check it's syntax
    May  1 21:50:21 gateway135 suricata[41097]: 1/5/2019 -- 21:50:21 - <Error> - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address "'"
    May  1 21:50:21 gateway135 suricata: [41097] <Notice> -- This is Suricata version 3.2.1 RELEASE
    May  1 21:50:21 gateway135 suricata[41097]: 1/5/2019 -- 21:50:21 - <Notice> - This is Suricata version 3.2.1 RELEASE
    May  1 21:50:21 gateway135 suricata[41097]: Initialization syslog logging with format "[%i] <%d> -- ".
    May  1 21:50:21 gateway135 suricata: [41078] <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /etc/suricata/suricata.yaml for errors
    May  1 21:50:21 gateway135 suricata: [41078] <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var "MyPassList" with value "'[161.33.188.55/32,80.154.126.37/32]'". Please check it's syntax
    Before i had edited the yaml file directly to remove the extra quotes, but the gateway has been restarted since.
    These single
    Code:
    '[161.133.188.55/32,80.154.126.37/32]'
    quotes were around the entry in the GUI again.

    Anyone have syntax examples of working variable(s) of IP addresses in a list? This seems to work but eventually, Suricata chokes on it. Cant wait for 14.2.
    Last edited by pctechs; 05-01-2019 at 08:20 PM.

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,725

    Default

    Mine has single quotes on 14.1.2. Is this a variable you added?
    Last edited by jcoffin; 05-01-2019 at 10:47 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Master Untangler cblaise's Avatar
    Join Date
    Jul 2014
    Location
    Burlington, VT
    Posts
    129

    Default

    What does the exact line in suricata.yaml look like?

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2