deutschmannz / suricata

Issues rendering global.sls, and locating suricata container logs

Suricata not rendering global.sls, and not locating suricata docker image #1

Open deutschmannz opened 11 months ago

deutschmannz commented 11 months ago

The comment below highlights the issue I am experiencing with both Security Onion and Suricata. If anyone has experience with this issue or a similar one, please feel free to reach out. Thanks in advance, and I appreciate the support! Thank you.

deutschmannz commented 11 months ago

Hello fellow IT Professionals,

Good day! I am reaching out to get some troubleshooting help in relation to Suricata. Currently we are experiencing this error message when we try to start/stop/restart Suricata inside our VM:

[screenshot]

Inside Security Onion, we see that Suricata is running and generating many alerts, but we cannot tune these specific alerts inside Suricata, and it will not render our global.sls file. The current global.sls file in Security Onion does not render correctly. This prevents us from applying changes. The goal is to be able to tune the Suricata alerts so we can suppress, threshold or stop noisy common alerts. In order to perform the tuning, we need to first fix the existing bug/corrupted global.sls file. I have checked through my YAML configuration and ensured there are no syntax issues. When we check the Security Onion statuses, we see that the Docker container is up, but so-suricata is not listed as available.

[screenshot]

But we are able to see this:

[screenshot]

I was curious to see if anyone has encountered or has heard of this issue. I understand that the interface on which Suricata is enabled could be disabled, that the Suricata Docker container might not exist or might be configured in a different manner, or that a syntax error could be throwing off the configuration (I have verified the YAML file has zero errors via free internet-based checkers). Any and all help is extremely helpful, and I appreciate the time taken to understand this problem and to troubleshoot solutions. Thanks in advance!
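The tuning the post is after (suppressing a signature for a source range, or rate-limiting a noisy one) ends up, however Security Onion's Salt pillar delivers it, as entries in Suricata's threshold.config. Two caveats worth keeping in mind when a pillar "will not render": Salt renders .sls files through Jinja before it parses them as YAML, so an online YAML checker only validates the second layer and cannot see a Jinja error; and a threshold entry that is valid YAML can still be rejected by Suricata if its track, type or ip values are wrong. The following is an added example, not code from the issue author or from the Security Onion or Suricata projects: a small, stdlib-only Python checker that builds, validates and round-trips threshold.config lines in Suricata's documented suppress/threshold syntax. The sample config, including its sids and subnet, is constructed for illustration.

```python
"""Build and validate Suricata threshold.config entries used for alert tuning.

Added example (not from the issue or from Security Onion/Suricata). The
syntax covered is Suricata's own threshold.config format:
  suppress gen_id <gid>, sig_id <sid>[, track <by_src|by_dst|by_either>, ip <net>]
  threshold gen_id <gid>, sig_id <sid>, type <limit|threshold|both>,
            track <by_src|by_dst|by_rule|by_both>, count <n>, seconds <n>
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

SUPPRESS_TRACKS = {"by_src", "by_dst", "by_either"}
THRESHOLD_TRACKS = {"by_src", "by_dst", "by_rule", "by_both"}
THRESHOLD_TYPES = {"limit", "threshold", "both"}


@dataclass
class Suppress:
    sig_id: int
    track: Optional[str] = None   # None together with ip=None suppresses everywhere
    ip: Optional[str] = None      # address, CIDR, or an address variable such as $HOME_NET
    gen_id: int = 1


@dataclass
class Threshold:
    sig_id: int
    type: str
    track: str
    count: int
    seconds: int
    gen_id: int = 1


Entry = Union[Suppress, Threshold]


def validate(entry: Entry) -> List[str]:
    """Return a list of problems; an empty list means the entry is well-formed."""
    problems: List[str] = []
    if entry.sig_id <= 0 or entry.gen_id <= 0:
        problems.append("gen_id and sig_id must be positive integers")
    if isinstance(entry, Suppress):
        if (entry.track is None) != (entry.ip is None):
            problems.append("suppress needs both track and ip, or neither")
        if entry.track is not None and entry.track not in SUPPRESS_TRACKS:
            problems.append(f"bad suppress track {entry.track!r}")
        if entry.ip is not None and not entry.ip.startswith("$"):
            try:
                ipaddress.ip_network(entry.ip, strict=False)
            except ValueError:
                problems.append(f"bad ip {entry.ip!r}")
    else:
        if entry.type not in THRESHOLD_TYPES:
            problems.append(f"bad threshold type {entry.type!r}")
        if entry.track not in THRESHOLD_TRACKS:
            problems.append(f"bad threshold track {entry.track!r}")
        if entry.count <= 0 or entry.seconds <= 0:
            problems.append("count and seconds must be positive")
    return problems


def render(entry: Entry) -> str:
    """Serialise one validated entry as a threshold.config line."""
    problems = validate(entry)
    if problems:
        raise ValueError("; ".join(problems))
    if isinstance(entry, Suppress):
        line = f"suppress gen_id {entry.gen_id}, sig_id {entry.sig_id}"
        if entry.track is not None:
            line += f", track {entry.track}, ip {entry.ip}"
        return line
    return (f"threshold gen_id {entry.gen_id}, sig_id {entry.sig_id}, "
            f"type {entry.type}, track {entry.track}, "
            f"count {entry.count}, seconds {entry.seconds}")


def parse_line(line: str) -> Entry:
    """Parse one non-comment threshold.config line back into an entry and validate it."""
    kind, _, rest = line.strip().partition(" ")
    kv: Dict[str, str] = {}
    for item in rest.split(","):
        parts = item.split()
        if len(parts) != 2:
            raise ValueError(f"malformed field {item.strip()!r}")
        kv[parts[0]] = parts[1]
    try:
        if kind == "suppress":
            entry: Entry = Suppress(sig_id=int(kv["sig_id"]), gen_id=int(kv.get("gen_id", 1)),
                                    track=kv.get("track"), ip=kv.get("ip"))
        elif kind == "threshold":
            entry = Threshold(sig_id=int(kv["sig_id"]), gen_id=int(kv.get("gen_id", 1)),
                              type=kv["type"], track=kv["track"],
                              count=int(kv["count"]), seconds=int(kv["seconds"]))
        else:
            raise ValueError(f"unsupported keyword {kind!r}")
    except KeyError as missing:
        raise ValueError(f"missing field {missing}") from None
    problems = validate(entry)
    if problems:
        raise ValueError("; ".join(problems))
    return entry


def check_config(text: str) -> List[str]:
    """Validate a whole threshold.config; returns 'line N: problem' strings (empty = clean)."""
    errors: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        try:
            parse_line(stripped)
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
    return errors


# Constructed sample config: one signature suppressed for a lab subnet, one
# rate-limited to a single alert per source per minute, and a deliberately
# broken line (invalid address) so the checker has something to report.
SAMPLE_CONFIG = """\
# tuning for noisy signatures (constructed sample)
suppress gen_id 1, sig_id 2100498, track by_src, ip 10.10.3.0/24
threshold gen_id 1, sig_id 2210000, type limit, track by_src, count 1, seconds 60
suppress gen_id 1, sig_id 2100498, track by_src, ip 10.10.3.999/24
"""

if __name__ == "__main__":
    for problem in check_config(SAMPLE_CONFIG):
        print(problem)
```

Run it as-is and it reports only the fourth line of the sample; feed it a real threshold.config (Security Onion's generated one, or the one your own Suricata loads) to confirm that what the pillar produced is something Suricata will accept before restarting the sensor.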