Hello,
I've recently bought the home pro license for untangle. I enabled IPS and found that it tends to stop reporting attacks. It seems to "crash" at least once per day. What I've seen is that the process shows as running. Yet it stops logging and\or blocking any attacks. I simply disable then enable IPS and it works agian for the day.
I was getting an error with the modbus signatures. I resolved it by disabling the sigs for it. However, I am now getting a new warning regarding checksum files.
opening hash file /etc/suricata/fileextraction-chksum.list: No such file or directory
error parsing signature "reject http any any -> any any ( msg:"Black list checksum match and extract MD5"; filemd5:fileextraction-chksum.list; filestore; sid:28; rev:1; )" from file /etc/suricata at line 28931
opening hash file /etc/fileextraction-chksum.list: No such file or directory
error parsing signature "reject http any any -> any any ( msg:"Black list checksum match and extract SHA1"; filesha1:fileextraction-chksum.list; filestore; sid:29; rev:1; )" from file /etc at line 28932
opening hash file //fileextraction-chksum.list: No such file or directory
error parsing signature "reject http any any -> any any ( msg:"Black list checksum match and extract SHA256"; filesha256:fileextraction-chksum.list; filestore; sid:30; rev:1; )" from file / at line 28933
Any help would be greatly appreciated!