Suricata working? OpenBSD fresh install

OpenBSD 6.8 install.
I have tried Suricata with OPNsense on the same firewall, where Suricata reported alerts that I could then block.
In the OPNsense web interface I searched for P2P and Tor rules and enabled them.

I don't get the same alerts from this setup. What is the problem: is Suricata not working? Are the rules not active?

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Searching this forum I found the suricatasc command.

iface-list
Success:
{
    "count": 1,
    "ifaces": [
        "700"
    ]
}
iface-stat 700
Success:
{
    "bypassed": 0,
    "drop": 0,
    "invalid-checksums": 0,
    "pkts": 0
}

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Other signs of Suricata life on the system:

/var/log/suricata/fast.log

11/06/2020-12:50:23.255023 [**] [1:2210046:2] SURICATA STREAM SHUTDOWN RST invalid ack [**] [Classification: Unknown Classtype] [Priority: 3] {TCP}

There are more entries like this.

Also, before that, a lot of these:
11/03/2020-23:23:26.492759 [**] [1:2200073:2] SURICATA IPv4 invalid checksum [**] [Classification: Unknown Classtype] [Priority: 3]

By setting:
stream:
  checksum-validation: auto

These do not flood the log any more.

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

suricata-update

suricata-update
6/11/2020 – 13:20:10 - – Using data-directory /var/lib/suricata.
6/11/2020 – 13:20:10 - – Using Suricata configuration /etc/suricata/suricata.yaml
6/11/2020 – 13:20:10 - – Using /usr/local/share/suricata/rules for Suricata provided rules.
6/11/2020 – 13:20:10 - – Found Suricata version 5.0.3 at /usr/local/bin/suricata.
6/11/2020 – 13:20:10 - – Loading /etc/suricata/enable.conf.
6/11/2020 – 13:20:10 - – Loading /etc/suricata/suricata.yaml
6/11/2020 – 13:20:10 - – Disabling rules for protocol modbus
6/11/2020 – 13:20:10 - – Disabling rules for protocol dnp3
6/11/2020 – 13:20:10 - – Disabling rules for protocol enip
6/11/2020 – 13:20:10 - – No sources configured, will use Emerging Threats Open
6/11/2020 – 13:20:10 - – Checking https://rules.emergingthreats.net/open/suricata-5.0.3/emerging.rules.tar.gz.md5.
6/11/2020 – 13:20:30 - – Fetching https://rules.emergingthreats.net/open/suricata-5.0.3/emerging.rules.tar.gz.
100% - 2746923/2746923
6/11/2020 – 13:20:37 - – Done.
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/app-layer-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/decoder-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/dhcp-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/dnp3-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/dns-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/files.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/http-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/ipsec-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/kerberos-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/modbus-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/nfs-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/ntp-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/smb-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/smtp-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/stream-events.rules
6/11/2020 – 13:20:38 - – Loading distribution rule file /usr/local/share/suricata/rules/tls-events.rules
6/11/2020 – 13:20:38 - – Ignoring file rules/emerging-deleted.rules
6/11/2020 – 13:20:56 - – Loaded 28235 rules.
6/11/2020 – 13:21:01 - – Disabled 14 rules.
6/11/2020 – 13:21:01 - – Enabled 31 rules.
6/11/2020 – 13:21:01 - – Modified 0 rules.
6/11/2020 – 13:21:01 - – Dropped 0 rules.
6/11/2020 – 13:21:03 - – Enabled 145 rules for flowbit dependencies.
6/11/2020 – 13:21:03 - – Backing up current rules.
6/11/2020 – 13:21:23 - – Writing rules to /var/lib/suricata/rules/suricata.rules: total: 28235; enabled: 21141; added: 46; removed 0; modified: 1305
6/11/2020 – 13:21:25 - – Testing with suricata -T.
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid logging method: interface, ignoring
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_FOPEN(44)] - could not open: “/etc/suricata/classification.config”: No such file or directory
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_OPENING_FILE(40)] - please check the “classification-file” option in your suricata.yaml file
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: “/etc/suricata/reference.config”: No such file or directory
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_OPENING_FILE(40)] - please check the “reference-config-file” option in your suricata.yaml file
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:1 uses unknown classtype: “protocol-command-decode”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key “cve”
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key “url”
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:345 uses unknown classtype: “misc-attack”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:365 uses unknown classtype: “trojan-activity”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:629 uses unknown classtype: “web-application-attack”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key “bugtraq”
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:633 uses unknown classtype: “attempted-user”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key “bid”
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:1002 uses unknown classtype: “command-and-control”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:1688 uses unknown classtype: “pup-activity”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:1701 uses unknown classtype: “coin-mining”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key “md5”
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:1750 uses unknown classtype: “policy-violation”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key “mcafee”
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2277 uses unknown classtype: “bad-unknown”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2278 uses unknown classtype: “string-detect”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2316 uses unknown classtype: “successful-user”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2336 uses unknown classtype: “successful-admin”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key “nessus”
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2347 uses unknown classtype: “misc-activity”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2413 uses unknown classtype: “successful-recon-limited”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2416 uses unknown classtype: “attempted-admin”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2472 uses unknown classtype: “web-application-activity”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2563 uses unknown classtype: “not-suspicious”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:2711 uses unknown classtype: “exploit-kit”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3165 uses unknown classtype: “targeted-activity”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3249 uses unknown classtype: “social-engineering”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3372 uses unknown classtype: “attempted-recon”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key “arachnids”
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3442 uses unknown classtype: “attempted-dos”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3513 uses unknown classtype: “denial-of-service”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3576 uses unknown classtype: “suspicious-login”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3646 uses unknown classtype: “shellcode-detect”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3694 uses unknown classtype: “suspicious-filename-detect”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:25 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:3994 uses unknown classtype: “default-login-attempt”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:26 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:5957 uses unknown classtype: “non-standard-protocol”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:26 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:6051 uses unknown classtype: “unknown”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:26 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:6090 uses unknown classtype: “credential-theft”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:26 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:6125 uses unknown classtype: “external-ip-check”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:26 - – [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key “secunia”
6/11/2020 – 13:21:26 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:6721 uses unknown classtype: “network-scan”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:26 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10203 uses unknown classtype: “domain-c2”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:27 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:15562 uses unknown classtype: “unsuccessful-user”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:27 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:18971 uses unknown classtype: “rpc-portmap-decode”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:27 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:19580 uses unknown classtype: “system-call-detect”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:21:28 - – [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:22378 uses unknown classtype: “successful-recon-largescale”, using default priority 3. This message won’t be shown again for this classtype
6/11/2020 – 13:22:01 - – Done.

Changed configuration from suricata -700 to:
suricata -i em3

iface-list
Success:
{
    "count": 1,
    "ifaces": [
        "em3"
    ]
}

iface-stat em3
Success:
{
    "bypassed": 0,
    "drop": 0,
    "invalid-checksums": 0,
    "pkts": 347523
}
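
Added example, not part of the original post: a small triage script for `suricata -T` output like the run above. It groups the per-rule "unknown classtype" and "unknown reference key" warnings under the missing `classification.config` and `reference.config` that explain them. The sample lines are constructed in the shape of the post's log, and the function names are illustrative.

```python
import re

# Constructed sample in the shape of the `suricata -T` lines shown in the post.
SAMPLE = '''\
6/11/2020 -- 13:21:25 - -- [ERRCODE: SC_ERR_FOPEN(44)] - could not open: "/etc/suricata/classification.config": No such file or directory
6/11/2020 -- 13:21:25 - -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata/reference.config": No such file or directory
6/11/2020 -- 13:21:25 - -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:1 uses unknown classtype: "protocol-command-decode", using default priority 3.
6/11/2020 -- 13:21:25 - -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key "cve"
6/11/2020 -- 13:21:25 - -- [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:365 uses unknown classtype: "trojan-activity", using default priority 3.
6/11/2020 -- 13:22:01 - -- Done.
'''

ERR = re.compile(r"\[ERRCODE: (SC_[A-Z_]+)\(\d+\)\] - (.*)")
QUOTED = re.compile(r'["\u201c]([^"\u201d]+)["\u201d]')  # straight or curly quotes
BUCKETS = {"SC_ERR_FOPEN": "missing_files",
           "SC_ERR_UNKNOWN_VALUE": "classtypes",
           "SC_ERR_REFERENCE_UNKNOWN": "reference_keys"}

def triage(text):
    """Group suricata -T errors by the object each one complains about."""
    out = {"missing_files": [], "classtypes": [], "reference_keys": []}
    for line in text.splitlines():
        m = ERR.search(line)
        if not m:
            continue  # informational line, no error code
        code, msg = m.groups()
        q = QUOTED.search(msg)
        bucket = BUCKETS.get(code)
        if not q or not bucket:
            continue
        if bucket == "classtypes" and "unknown classtype" not in msg:
            continue  # some other unknown value, not a classtype
        if q.group(1) not in out[bucket]:
            out[bucket].append(q.group(1))
    return out

def diagnose(report):
    """Tie the per-rule warnings back to the file whose absence explains them."""
    findings = []
    for path in report["missing_files"]:
        if path.endswith("classification.config") and report["classtypes"]:
            findings.append(f"{path} missing: {len(report['classtypes'])} classtypes unresolved")
        elif path.endswith("reference.config") and report["reference_keys"]:
            findings.append(f"{path} missing: {len(report['reference_keys'])} reference keys unresolved")
        else:
            findings.append(f"{path} missing")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(triage(SAMPLE))))
```
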