Suricata - IDS on AsusWRT Merlin


Failure when trying to set feature via ioctl for 'eth0': Operation not supported (95)
There are two possibilities, either your WAN is configured incorrectly or your device does not support it.
 
Does Suricata support IPv6?
 
Following the readthedocs link:


No NFQ in the Suricata linked.



Please elaborate... will this build work without NFQ to interact with Skynet if using the commands for IPTables alone?

TIA
 
Hi! I'm late to the show. Are there any preferred settings that are not default that I should be looking at? I'm a weekend warrior and don't have time to read through the 300 posts. Thanks.

Secondly, will this run alongside Skynet and Diversion?
 
I'm running it with Skynet/Diversion/Unbound/Cake.
BTW, on my 600Mbps connection, Suricata reduced my top speed by 50Gbps. The impact will depend on your line (probably a smaller impact at lower speeds).

For install I just followed post #1 and made sure I got the latest versions from the GitHub project page.

Unfortunately there's no script for install/update.
It's easy to install, but a proper script would be nice, especially for updates. Right now updates work by visiting GitHub and checking if the yaml file was updated recently by @rgnldo and manually applying diffs.
Also note that a lot of threats are already filtered by Skynet (meaning I don't get a lot of threats detected by Suricata). Suricata is good if you want absolute peace of mind and were using or thinking of using AIProtect to begin with. Suricata will allow you to get rid of the Trend Micro spyware, and it's better.
Another thing: as this still feels like a work in progress, there's no clear path at the moment on how to eventually go from Suricata v4 (current) to Suricata v5.
 
I think there were changes, yes, in Suricata: v4.1.6, v4.1.7 and now v4.1.8.

There is no problem with Skynet or another application. It just isn't integrated.
 
I don't see a link to the github page in post #1 did I miss something?
 
There is no link, but you can google "rgnldo suricata github" and find:
https://github.com/rgnldo/knot-resolver-suricata

In any case, if you follow the install instructions in post #1 you'll get the latest version.
Up and running; the only strangeness was that the /opt/var/lib/suricata/rules/ directory and its contents weren't created, so I did it manually and it updates the rules now. Seems nice, no messages in the log and it checks itself in the middle of the night. Sweet!
 
You can check for threats detected in /opt/var/log/suricata/fast.log.

Also, if you read through the thread there are instructions on how to get the logs going with syslog/logrotate so you can see them on the router's web GUI.
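As an added example (not code from the thread or from rgnldo's project), a small Python script that parses lines in the format Suricata writes to fast.log and summarises them by signature and by LAN source host. The log lines, the sids 9000001-9000003 and the 192.168.50.0/24 LAN prefix are constructed for the example; on the router it assumes an Entware Python.

```python
import re
from collections import Counter
# Constructed sample of /opt/var/log/suricata/fast.log lines (invented for this
# example; sids 9000001-9000003 are placeholders, not real rule ids).
SAMPLE_FAST_LOG = """\
06/27/2020-20:47:37.123456  [**] [1:9000001:1] EXAMPLE Suspicious outbound connection [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.50.10:49152 -> 203.0.113.5:443
06/27/2020-20:48:02.654321  [**] [1:9000002:3] EXAMPLE Inbound SSH probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:40000 -> 192.168.50.1:22
06/27/2020-20:49:10.000001  [**] [1:9000001:1] EXAMPLE Suspicious outbound connection [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.50.10:49153 -> 203.0.113.5:443
06/27/2020-21:00:00.000000  [**] [1:9000003:2] EXAMPLE mDNS chatter [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.168.50.20:5353 -> 224.0.0.251:5353
garbage line that does not match the fast.log format
"""

# One alert per line: timestamp, [**], optional [Drop] (IPS mode), [gid:sid:rev],
# message, [**], optional classification, priority, {proto}, src -> dst.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+(?:\[Drop\]\s+)?\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def split_hostport(s):
    # Split on the last colon so IPv6 addresses (which contain colons) survive.
    host, _, port = s.rpartition(":")
    return host, int(port)

def parse_fast_log(text):
    """Return a list of alert dicts; lines that do not match the format are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line.strip())
        if not m:
            continue
        a = m.groupdict()
        a["sid"], a["prio"] = int(a["sid"]), int(a["prio"])
        a["src_ip"], a["src_port"] = split_hostport(a["src"])
        a["dst_ip"], a["dst_port"] = split_hostport(a["dst"])
        alerts.append(a)
    return alerts

def count_by_signature(alerts, max_priority=2):
    """Alerts per (sid, msg), keeping priority <= max_priority (1 is most severe)."""
    return Counter((a["sid"], a["msg"]) for a in alerts if a["prio"] <= max_priority)

def count_by_source(alerts, lan_prefix="192.168.50."):
    """Alerts per LAN source IP (prefix is a constructed example): the hosts to check first."""
    return Counter(a["src_ip"] for a in alerts if a["src_ip"].startswith(lan_prefix))

if __name__ == "__main__":
    alerts = parse_fast_log(SAMPLE_FAST_LOG)
    for (sid, msg), n in count_by_signature(alerts).most_common():
        print(f"{n:4d}  sid {sid}  {msg}")
```

To run it against the real file, replace SAMPLE_FAST_LOG with the contents of /opt/var/log/suricata/fast.log and adjust the LAN prefix to your subnet.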
 
Actually, I was pinged to contribute... so I created a very basic install/update manager script.

see this post#

Could that post get its own [release] thread?
It makes it easier for us to send you a barrage of requests and other user banter! ;-)
Thank you
 
Thanks to @Martineau I tried to install Suricata, but it seems that since I use Trend Micro and FlexQoS it's not possible. :( I know that Skynet is being discussed, but what about those of us who don't use CakeQoS?
 
Suricata is not compatible with AdaptiveQoS/FlexQoS. It is compatible with Cake/Skynet.

I use: Skynet/Diversion/Cake/Unbound/Suricata.
Are you positively sure that you need FlexQoS and that Cake is not enough?
I can stream 4k/WebEx/upload/download/Zoom with Cake without issues.
I do miss the visual reports on traffic distribution from FlexQoS, but FlexQoS wasn't able to control my latency during saturation of the UL line, for my setup at least.
 