Project

General

Profile

Actions

Bug #12506

open

Only selected instance is restarted on suppress list change

Added by Viktor Gurov 3 months ago. Updated about 2 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
Suricata
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

How to reproduce:

1) Create a Suppress List 'testsupplist'
2) Configure Suricata for the LAN interface and select 'testsupplist' in 'Alert Suppression and Filtering' drop-down menu
3) Configure Suricata for the OPT1 interface and select 'testsupplist' in 'Alert Suppression and Filtering' drop-down menu
4) Now, if you click "Add this alert to the Suppress List" on the Alerts tab for the LAN interface Suricata will be reloaded only for the LAN interface, but not for the OPT1 interface


Another issue with alert suppressing -

after adding an alert to the suppress list there is a message on top of the page:
"An entry for 'suppress gen_id 1, sig_id N' has been added to the Suppress List."
but there is no note about live-reloading
it should be:
"An entry for 'suppress gen_id 1, sig_id N' has been added to the Suppress List. Suricata is 'live-reloading' to apply the new Suppress list. Please wait at least 15 secs for the process to complete before toggling additional rules."

see https://github.com/pfsense/FreeBSD-ports/blob/devel/security/pfSense-pkg-suricata/files/usr/local/www/suricata/suricata_alerts.php#L571


pfSense-pkg-suricata-6.0.3_3

Actions #2

Updated by Renato Botelho about 2 months ago

  • Status changed from New to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions

Also available in: Atom PDF