New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Suricata error after 24.1.2 update #7260
Comments
It seems this issue is already known and reported: |
Yea, was reported on Reddit also. |
I am having this exact same issue with the WAN flapping as a result. I have updated to the latest 24.1.2_1 and Suricata is still showing this same error message in logs. Any suggestions? |
Also, I am unable to use EDIT: The output of the above command is: EDIT: Okay...and now I see why. Only minor version reversions are allowed. You have to revert to the closest major version first. |
@mvmazijk For anyone else looking for something that actually works while not disabling Suricata and killing their network security. Here is what I have tested and seems to work. The forum links to support this comment are: The links above describe that Suricata 7 has moved for a default of "drop(Close)" instead of "ignore(Open)". This causes exceptions in Suricata causing the packets to be dropped. What worked for me was editing the file shown at the path below with the code following that. Be sure to have Suricata disabled in the WebUI before applying this fix. Once the file has been edited then re-enable Suricata in the WebUI and test the network. The logs will show the same NUMA errors so that is useless. OISF stated that they are moving the NUMA messages to the infromational channel in logging as it's not supposed to affect functionality. IMPORTANT: According to the documentation this effectively turns the "applayer" into IDS mode (Off) in the cases of exceptions. They also discuss more about how Suricata will act more like a firewall in this way from version 7 on. More information about this can be found here. File to edit: Code to add at the end of the file:
|
Issue is resolved with Suricata version 7.0.4 / OPNsense version 24.1.4. |
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
After upgrading OPNsense to version 24.1.2 I'm getting the following errors in Suricata. There errors weren't present prior to the update (version 24.1.1 running Suricata 6)
2024-02-20T23:49:30 | Error | suricata | [100539] -- failed to obtain number of NUMA nodes in the system
2024-02-20T23:49:30 | Error | suricata | [100539] -- unable to open /sys/devices/system/node
2024-02-20T23:49:30 | Error | suricata | [100539] -- failed to obtain number of NUMA nodes in the system
2024-02-20T23:49:30 | Error | suricata | [100539] -- unable to open /sys/devices/system/node
To Reproduce
Enable Suricata with a ruleset
Expected behavior
Quite obvious, but not showing the errors.
Describe alternatives you considered
I found a similar issue on Reddit (https://www.reddit.com/r/opnsense/comments/1avj9md/opnsense_2412_released/)
There a microcode update was suggested, however as I'm running OPNsense as a VM on Proxmox a microcode update isn't applicable in this case.
Screenshots
N/A
Relevant log files
N/A
Additional context
Looking at the error, it seems Suricata is looking the for the number of NUMA nodes in /sys/devices/system/node.
This location isn't present in OPNsense. This looks more of a location you would expect on a Linux machine.
Perhaps a forgotten line to adjust for the FreeBSD version?
Environment
OPNsense 24.1.2 (running on Proxmox).
Intel(R) Xeon(R) CPU E3-1265L V2
The text was updated successfully, but these errors were encountered: