Bug #4328
closedSuricata is not fully reading or loading the iprep files
Description
Hi,
I have been trying to use Suricata as IPS. I decided to use L2 approaching with AFP. My goal is to use IP Reputation mechanism to block lot of IPs from different blacklists.
I managed to configure everything and I could confirm iprep works like charm with a small custom iprep list, but it looks like the same mechanism fails when the list grows large or there are many reputation lists to load. After some tests it looks like Suricata is not fully reading the iprep files, or that there is a limit to the number of lines it can read/load.
Please check more details in the following posts:
- https://github.com/StamusNetworks/SELKS/issues/289
- https://forum.suricata.io/t/suricata-and-ip-blacklist/972/19
If there is a way to easily fix this issue or if you need more details, please let me know.
Please help!
Thank you
Files
Updated by Jeff Lucovsky almost 4 years ago
- Copied from Bug #4280: Suricata is not fully reading or loading the iprep files added
Updated by Jeff Lucovsky almost 4 years ago
- Status changed from Assigned to In Review
Updated by Jeff Lucovsky almost 4 years ago
- Status changed from In Review to Closed