Has anyone had this issue before? I changed my pc being used for IPFire but I have everything set in the same way that I have been doing for some years now. I have looked through all the settings many, many times now. I can’t spot the issue causing this. Are there any tests I can run to check it? Most likely something I didn’t set and my eyes just can’t see it. Any suggestions would be greatly appreciated.
That just means you have no hits yet.
1 Like
I have been going through my logs and just now found one that says this:
[ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid rule-files configuration section: expected a list of filenames.
Now I just have to figure out why there are no filenames.
I’ve managed to get my IPS Log Viewer to show a few things. Took me all day. However, there are still issues. Let me post a couple for an example.
(1) SURICATA TCPv4 invalid checksum. Generic Protocol Command Decode.
(2) SURICATA STREAM 3way handshake excessive different SYNs. Generic Protocol Command Decode.
(3) SURICATA STREAM excessive retransmissions. Generic Protocol Command Decode.
(4) SURICATA UDPv4 invalid checksum. Generic Protocol Command Decode.
Everything in my log is a repeat of those 4 I’ve listed. Over and over. I had to remove Snort and Talos rulesets and replace with Emergingthreats.net Community just to get it to output those 4 I listed. I had nothing until I removed Snort and Talos.
I still don’t understand what is causing this. If anyone has knowledge of a URL that explains what I have done wrong I would be very appreciative if you would post it here. Any other help would be gratefully accepted. I thank any who would venture to try.