unifi-utilities / unifios-utilities

A collection of enhancements for UnifiOS based devices
GNU General Public License v3.0

Suricata 5.0.3 Container Crash #105

Closed opustecnica closed 3 years ago

opustecnica commented 3 years ago

Describe the bug

When using the containerized version of Suricata (5.0.3) monitoring two interfaces (br0 & wg0), following the instructions at https://github.com/boostchicken/udm-utilities/tree/master/suricata, the UTM daemon crashes at the first eve_alert.log generation.

To Reproduce

Steps to reproduce the behavior:

  1. Install and configure Wireguard-Go container
  2. Install and configure Suricata container
  3. Modify configuration file containing monitored interfaces
    # cat /run/ips/config/iface.yaml
    %YAML 1.1
    ---
    pcap:
    - interface: br0
    - interface: wg0
  4. pkill suricata
  5. Connect to UDM via WireGuard
  6. Force an event, e.g. curl -A "BlackSun" www.somedomain.tld

Expected behavior

An IPS alert is generated in Alerts and Events. This indeed happens, but it is soon followed by a UTM crash.

UDM Information

Model:       UniFi Dream Machine
Version:     1.8.6-2.2969
MAC Address: 74:83:c2:xx:yy:zz
IP Address:  nnn.nnn.nnn.nnn
Hostname:    UDM
Uptime:      40737 seconds

Additional context

Any suggestion is welcome.
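As an added example (not part of this issue report or of the udm-utilities project), the check a practitioner would run between step 3 and step 4 above: read the interface list out of the pcap iface.yaml in the form shown in the report, confirm that every listed interface actually exists before Suricata is restarted with pkill, and count the alert records in an EVE log file. The default paths, the NET_DIR override (so the check can be pointed at a constructed directory), and the EVE log location are assumptions; the iface.yaml format is the one shown in the report.

```shell
#!/bin/sh
# Added example, not project code. Sanity-check the pcap interfaces that
# Suricata will open before restarting it on a UDM.
# Assumptions: iface.yaml uses the "- interface: NAME" form from the report;
# interfaces are looked up under a /sys/class/net-style directory, which can
# be overridden with NET_DIR for testing on another host.

IFACE_YAML="${IFACE_YAML:-/run/ips/config/iface.yaml}"
NET_DIR="${NET_DIR:-/sys/class/net}"
EVE_LOG="${EVE_LOG:-/var/log/suricata/eve_alert.log}"   # assumed location

# Print the interface names from a pcap iface.yaml, one per line.
list_ifaces() {
    sed -n 's/^[[:space:]]*-[[:space:]]*interface:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1"
}

# check_ifaces YAML NETDIR: return 0 if every listed interface exists as a
# directory under NETDIR, else 1. Reports each interface on stdout.
check_ifaces() {
    yaml="$1"; netdir="$2"; missing=0
    for ifc in $(list_ifaces "$yaml"); do
        if [ -d "$netdir/$ifc" ]; then
            echo "ok: $ifc"
        else
            echo "missing: $ifc"
            missing=1
        fi
    done
    return $missing
}

# count_alerts EVE_FILE: number of alert records (event_type "alert") in an
# EVE JSON log; prints 0 when there are none.
count_alerts() {
    n=$(grep -c '"event_type": *"alert"' "$1" 2>/dev/null) || n=0
    echo "$n"
}

main() {
    if check_ifaces "$IFACE_YAML" "$NET_DIR"; then
        echo "all interfaces present; alerts so far: $(count_alerts "$EVE_LOG")"
        echo "safe to restart: pkill suricata"
    else
        echo "bring the interface up or fix $IFACE_YAML before restarting" >&2
        exit 1
    fi
}

# Only run when the real config is present (skipped when sourced for tests).
[ -f "$IFACE_YAML" ] && main "$@"
```

On the device this is run as-is before step 4; a missing wg0 (for example when the WireGuard container is not up yet) is reported before Suricata is told to open it.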

boostchicken commented 3 years ago

Suricata is now updated on 1.9.0