Do not download the rules of the IPS Suricata

Ernesto_Lorenzo_Sord · February 10, 2019, 12:31am

nethserver-7.6.1810:
IPS: suricata
Hi, I just installed the new nethserver and when I install the ISP module (Suricata) that I give to download the rules it does the following process that I show in the image and then it is removed but I do not see that I download nothing remains as at the beginning before to click on the button to download rules. Can someone help me with this problem? Sin%20t%C3%ADtulo

federico.ballarini · February 10, 2019, 12:47am

Post suricata log to ser if there is something strange…

Ernesto_Lorenzo_Sord · February 10, 2019, 7:17pm

/log/suricata/eve.json.bookmark:{“path”:"/var/log/suricata/eve.json",“offset”:0,“size”:0,“sys”:{“inode”:134385592}}

/var/log/suricata/fast.log:it says nothing

/var/log/suricata/suricata.log:

9/2/2019 -- 18:37:48 - &lt;Notice&gt; - This is Suricata version 4.0.6 RELEASE 
9/2/2019 -- 18:37:48 - &lt;Warning&gt; - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid rule-files configuration section: expected a list of filenames. 
9/2/2019 -- 18:37:48 - &lt;Notice&gt; - all 6 packet processing threads, 2 management threads initialized, engine started. 
9/2/2019 -- 18:37:51 - &lt;Notice&gt; - Signal Received. Stopping engine. 
9/2/2019 -- 18:37:51 - &lt;Notice&gt; - (RX-Q0) Treated: Pkts 2, Bytes 104, Errors 0 
9/2/2019 -- 18:37:51 - &lt;Notice&gt; - (RX-Q0) Verdict: Accepted 2, Dropped 0, Replaced 0 
9/2/2019 -- 18:37:51 - &lt;Notice&gt; - This is Suricata version 4.0.6 RELEASE 
9/2/2019 -- 18:37:51 - &lt;Warning&gt; - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid rule-files configuration section: expected a list of filenames. 
9/2/2019 -- 18:37:51 - &lt;Notice&gt; - all 6 packet processing threads, 2 management threads initialized, engine started. 
9/2/2019 -- 18:38:02 - &lt;Notice&gt; - rule reload starting 
9/2/2019 -- 18:38:02 - &lt;Warning&gt; - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid rule-files configuration section: expected a list of filenames. 
9/2/2019 -- 18:38:02 - &lt;Notice&gt; - rule reload complete 
9/2/2019 -- 18:38:02 - &lt;Notice&gt; - rule reload starting 
9/2/2019 -- 18:38:02 - &lt;Warning&gt; - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid rule-files configuration section: expected a list of filenames. 
9/2/2019 -- 18:38:02 - &lt;Notice&gt; - rule reload complete 
9/2/2019 -- 18:39:52 - &lt;Notice&gt; - rule reload starting 
9/2/2019 -- 18:39:52 - &lt;Warning&gt; - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid rule-files configuration section: expected a list of filenames. 
9/2/2019 -- 18:39:52 - &lt;Notice&gt; - rule reload complete 
9/2/2019 -- 19:11:18 - &lt;Notice&gt; - Signal Received. Stopping engine. 
9/2/2019 -- 19:11:19 - &lt;Notice&gt; - (RX-Q0) Treated: Pkts 24053, Bytes 7783468, Errors 0 
9/2/2019 -- 19:11:19 - &lt;Notice&gt; - (RX-Q0) Verdict: Accepted 24015, Dropped 37, Replaced 0 
9/2/2019 -- 19:11:19 - &lt;Notice&gt; - This is Suricata version 4.0.6 RELEASE 
9/2/2019 -- 19:11:19 - &lt;Warning&gt; - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid rule-files configuration section: expected a list of filenames. 
9/2/2019 -- 19:11:19 - &lt;Notice&gt; - all 6 packet processing threads, 2 management threads initialized, engine started. 
9/2/2019 -- 19:11:29 - &lt;Notice&gt; - rule reload starting 
9/2/2019 -- 19:11:29 - &lt;Warning&gt; - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid rule-files configuration section: expected a list of filenames. 
9/2/2019 -- 19:11:29 - &lt;Notice&gt; - rule reload complete 
10/2/2019 -- 07:29:23 - &lt;Notice&gt; - rule reload starting 
10/2/2019 -- 07:29:23 - &lt;Warning&gt; - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid rule-files configuration section: expected a list of filenames. 
10/2/2019 -- 07:29:23 - &lt;Notice&gt; - rule reload complete

/var/log/suricata/eve.json:Nethgui:

404 - NethServer\Module\LogViewer\Read: resource not found

1366643514

federico.ballarini · February 10, 2019, 7:34pm

Can you reach and ping this https://rules.emergingthreats.net/ ? Try to ping from NS shell.

Ernesto_Lorenzo_Sord · February 10, 2019, 7:36pm

if I can access via web

Ernesto_Lorenzo_Sord · February 10, 2019, 7:39pm

in my network I use a proxy server, but I have already configured the proxy server in the options and it has allowed me to download and install several modules

federico.ballarini · February 10, 2019, 7:49pm

What is the result of the ping directly from the NethServer SSH?
Server proxy is on the same machine of Suricata? You can try disabling it temporarily.

Ernesto_Lorenzo_Sord · February 10, 2019, 7:55pm

let me explain a bit the structure of my network, my network is a node, which depends on another node and this at the same time of a national node, my ip wan is the following 192.168.24.177/28 using the ip 192.168.24.177 as door link and 192.168.24.9 as primary DNS and 192.168.24.13 as a proxy, currently we do not use local proxy, we use the provincial node proxy

federico.ballarini · February 10, 2019, 8:16pm

If you can reach previous url with ping, I think the problem is the proxy. I tried to download rules on my server and there isn’t any problem.
You can also try removing and reinstalling IPS from Software Center.

federico.ballarini · February 10, 2019, 11:57pm

You can also try set Proxy Settings in Network page.