SELKS 7 suricata rules not updating


Darryl Mackay

Dec 1, 2022, 5:21:45 AM
Hi all,

I have installed the SELKS 7 desktop and no-desktop iso images and I am unable to get the default source to update and populate through to the rest of Scirius.

Thank you.


Peter Manev

Dec 1, 2022, 7:13:32 AM
to Darryl Mackay, SELKS
Hi Darryl

Thanks for trying SELKS out.
We also have live chat on Discord here, should you wish a faster answer
and to reach a bigger audience.

Did the first time setup finish ok?
What is the type of error you get?

Thank you


Peter Manev

Darryl Mackay

Dec 2, 2022, 1:58:14 AM
Here is the error I get when I try to update the source.

Source update error.png

Peter Manev

Dec 2, 2022, 4:12:22 AM
to Darryl Mackay, SELKS
Hi Darryl,

Can you please answer the questions below; it would give me a better idea of what is going on:
1 - Did the first time setup finish ok and without errors as per the message in my previous mail?
2 - Is this a fresh install?
3 - Does the SELKS install have an internet connection?
4 - What is the output of 
docker logs scirius 

Thank you

Peter Manev

Darryl Mackay

Dec 2, 2022, 11:35:02 PM
Hi Peter,

I have managed to fix the problem regarding the updating. It turns out that the hardware I was trying to run SELKS 7 on was not up to the task of doing the job. Currently I have SELKS running on a Dell PE R200 with 8GB of RAM and a 500GB HDD. When I go into Portainer and check the containers, they are all reporting either healthy or running. I have the unit set up to monitor activity between a pfSense firewall and the managed network switch at home. I also had a battle with getting the bridge on the SELKS stack to work and succeeded with this. Given some time I may post some screenshots of the traffic for the sake of posterity.

Sorry for the run around.


Peter Manev

Dec 3, 2022, 2:39:23 AM
to Darryl Mackay, SELKS
Hi Darryl, 

Great to hear everything is good now!

How did you manage to get the bridge going ? 
I mean what was the problem you had ?

Thanks !

Peter Manev 


Darryl Mackay

Dec 3, 2022, 5:38:21 AM
to Peter Manev, SELKS
Hi Peter,

To get the bridge working entailed editing the /etc/network/interfaces file as follows:-

auto eth0
iface eth0 inet manual

auto eth1
iface eth1 inet manual

auto br0
iface br0 inet manual
  bridge_ports eth0 eth1
  bridge_stp off
  bridge_waitport 0
  bridge_fd 0

Substitute eth0 and eth1 for the corresponding NICs which form the bridge. Next edit the /etc/sysctl.conf file and uncomment the following line:-

# net.ipv4.ip_forward=1

Save the file and restart the SELKS device. The bridge should be up and running forwarding traffic between the 2 interfaces. The bridge can then be selected as the interface to be monitored. My glitch was trying to get the traffic to forward on the bridge.

My other glitch was dist-upgrading the SELKS device, which crashed Suricata completely. I will be reinstalling everything and reading how to update without breaking things. It will be about 2 hours before I can do anything, because of a glorious South African thing called loadshedding.


P.S. Sorry for repeating the email. Just wanted to include it to display on the group.
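The bridge recipe in the post above is easy to get subtly wrong (a member NIC left with an address, STP left on, a forwarding delay that drops the first seconds of traffic), and a mistake only shows up after the reboot. The script below is an added example, not code from the thread or from the SELKS project: it renders the same ifupdown stanza for any set of NICs (so it generalises the eth0/eth1 case) and sanity-checks a /etc/network/interfaces and /etc/sysctl.conf before you restart. It assumes Debian-style ifupdown with the bridge-utils keywords, which is what SELKS 7 uses; the file paths and the br0 name are the ones from the post. One caveat worth knowing: a Linux bridge forwards frames at layer 2 on its own, and net.ipv4.ip_forward governs IP routing, so the sysctl check simply confirms the line the post says to uncomment.

```shell
#!/bin/sh
# Added example, not code from the thread or the SELKS project. Renders the
# ifupdown bridge stanza described in the post for any set of NICs and
# sanity-checks the config files before a reboot. Assumes Debian-style
# ifupdown with the bridge-utils keywords (bridge_ports, bridge_stp, ...).

# Print an ifupdown stanza for a transparent bridge BR over the given NICs:
# members are "inet manual" (no IP address), STP off, no forwarding delay.
render_bridge_stanza() {
    br="$1"; shift
    for nic in "$@"; do
        printf 'auto %s\niface %s inet manual\n\n' "$nic" "$nic"
    done
    printf 'auto %s\niface %s inet manual\n' "$br" "$br"
    printf '  bridge_ports %s\n' "$*"
    printf '  bridge_stp off\n  bridge_waitport 0\n  bridge_fd 0\n'
}

# Return 0 if FILE holds a stanza for BR whose bridge_ports are each
# configured "inet manual", with bridge_stp off and bridge_fd 0.
check_bridge_config() {
    file="$1"; br="$2"
    # Collect the lines that belong to the BR stanza (up to the next iface).
    stanza=$(awk -v br="$br" '$1 == "iface" { cur = $2 } cur == br { print }' "$file")
    ports=$(printf '%s\n' "$stanza" | awk '$1 == "bridge_ports" { $1 = ""; print }')
    [ -n "$ports" ] || { echo "$br: no bridge_ports line" >&2; return 1; }
    for p in $ports; do
        grep -Eq "^iface[[:space:]]+$p[[:space:]]+inet[[:space:]]+manual" "$file" \
            || { echo "$br: port $p is not 'inet manual'" >&2; return 1; }
    done
    printf '%s\n' "$stanza" | grep -Eq '^[[:space:]]*bridge_stp[[:space:]]+off[[:space:]]*$' \
        || { echo "$br: STP is not off" >&2; return 1; }
    printf '%s\n' "$stanza" | grep -Eq '^[[:space:]]*bridge_fd[[:space:]]+0[[:space:]]*$' \
        || { echo "$br: forwarding delay is not 0" >&2; return 1; }
    return 0
}

# Return 0 if FILE (sysctl.conf) has net.ipv4.ip_forward=1 present and not
# commented out, i.e. the line from the post has actually been uncommented.
check_ip_forward() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# On the SELKS box after the reboot: confirm BR exists as a bridge, list its
# member ports and report the kernel's STP state (0 = off). Reads sysfs only;
# it is not exercised by the constructed sample run below.
check_bridge_runtime() {
    br="$1"
    [ -d "/sys/class/net/$br/brif" ] || { echo "$br is not an up bridge" >&2; return 1; }
    echo "$br ports: $(ls "/sys/class/net/$br/brif" | tr '\n' ' ')"
    echo "$br stp_state: $(cat "/sys/class/net/$br/bridge/stp_state")"
}

# Constructed sample files under a temp dir so the example runs anywhere; on
# a real box point the checks at /etc/network/interfaces and /etc/sysctl.conf.
demo_dir=$(mktemp -d)
render_bridge_stanza br0 eth0 eth1 > "$demo_dir/interfaces"
printf '# net.ipv4.ip_forward=1\n' > "$demo_dir/sysctl.conf"   # as shipped: still commented

cat "$demo_dir/interfaces"
check_bridge_config "$demo_dir/interfaces" br0 && echo "bridge stanza: ok"
check_ip_forward "$demo_dir/sysctl.conf" || echo "sysctl: ip_forward is still commented out"
rm -rf "$demo_dir"
```

Run it as a normal user to check the files you have edited; run check_bridge_runtime br0 on the box after the restart to confirm the kernel actually built the bridge with the ports you expect and STP off, which is the state in which the post reports traffic flowing between the two interfaces.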