<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
<br>
<style>
.ExternalClass .ecxhmmessage P
{padding:0px;}
.ExternalClass body.ecxhmmessage
{font-size:10pt;font-family:Verdana;}
</style>
Thank alot, works now!<br><br>mkdir /var/log/suricata<br><br>is the use of the inline mode analog to snort_inline ? <br>is it possible to use suricata for monitoring multiple Gb/s network without GPU help running a Quad-Core AMD Opteron 2350, 4 Gig of RAM ? without having network performance leakage ? <br><br><br>Best regards,<br> <br>Ihab <br><br><br><hr id="ecxstopSpelling">Date: Mon, 11 Jan 2010 08:07:04 -0600<br>Subject: Re: [Oisf-users] suricata running error<br>From: william.metcalf@gmail.com<br>To: ihab.elbakri@hotmail.com<br><br>Yes that is a bad error message that has been fixed in the latest version of the code in the git repo. This means that your log directory doesn't exist.<br><br>mkdir /var/log/suricata<br><br>or use -l to specify a directory where you have write permissions.<br>
<br>Regards,<br><br>Will<br><br><div class="ecxecxgmail_quote">On Mon, Jan 11, 2010 at 8:03 AM, Ihab el Bakri <span dir="ltr"><<a href="mailto:ihab.elbakri@hotmail.com">ihab.elbakri@hotmail.com</a>></span> wrote:<br><blockquote class="ecxecxgmail_quote" style="padding-left: 1ex;">
<div>
<br>tried with suricata -c suricata.yaml -i eth1 -s /etc/snort/rules/x11.rules<br>another error :<br><br>[26132] 11/1/2010 -- 08:55:34 - (detect.c:2555) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... done<br>
[26133] 11/1/2010 -- 08:55:34 - (source-pcap.c:235) <Info> (ReceivePcapThreadInit) -- using interface eth1<br>[26142] 11/1/2010 -- 08:55:34 - (alert-fastlog.c:171) <Error> (AlertFastlogThreadInit) -- [ERRCODE: SC_ERR_FAST_LOG_GENERIC_ERROR(58)] - Error getting context for AlertFastLog. "initdata" argument NULL<br>
[26143] 11/1/2010 -- 08:55:34 - (alert-unified-log.c:224) <Error> (AlertUnifiedLogThreadInit) -- [ERRCODE: SC_ERR_UNIFIED_LOG_GENERIC_ERROR(60)] - Error getting context for UnifiedLog. "initdata" argument NULL<br>
[26144] 11/1/2010 -- 08:55:34 - (alert-unified2-alert.c:495) <Error> (Unified2AlertThreadInit) -- [ERRCODE: SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR(63)] - Error getting context for Unified2Alert. "initdata" argument NULL<br>
[26145] 11/1/2010 -- 08:55:34 - (alert-debuglog.c:198) <Error> (AlertDebuglogThreadInit) -- [ERRCODE: SC_ERR_DEBUG_LOG_GENERIC_ERROR(59)] - Error getting context for DebugLog. "initdata" argument NULL<br>
Thread "AlertFastlog&Httplog" closed on initialization...<br>ERROR: Engine initialization failed, aborting...<br><br>Best Regards,<br> <br>Ihab <br><br><hr>Date: Mon, 11 Jan 2010 07:49:58 -0600<br>Subject: Re: [Oisf-users] suricata running error<br>
From: <a href="mailto:william.metcalf@gmail.com">william.metcalf@gmail.com</a><br>To: <a href="mailto:ihab.elbakri@hotmail.com">ihab.elbakri@hotmail.com</a><br>CC: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><div>
<div></div><div class="h5"><br><br>Well it looks like there is a bug there for sure. Although you are specify the configuration file multiple times.<br><br>suricata -c suricata.yaml -i eth1 -c /etc/snort/rules/x11.rules<br>
<br>should be ....<br><br>suricata -c suricata.yaml -i eth1 -s /etc/snort/rules/x11.rules<br>
<br>I will check in a bug for the other...<br><br>Regards,<br><br>Will<br>
<br><br>gdb /usr/local/bin/suricata <br><div>On Mon, Jan 11, 2010 at 7:42 AM, Ihab el Bakri <span dir="ltr"><<a href="mailto:ihab.elbakri@hotmail.com">ihab.elbakri@hotmail.com</a>></span> wrote:<br>
<blockquote style="padding-left: 1ex;">
<div>
Hello there , <br>I am having trouble running suricata with rules file, everytime i start suricata i get this msg :<br><br><br>root@test:~/suricata-current# suricata -c suricata.yaml -i eth1 -c /etc/snort/rules/x11.rules<br>
Warning: Invalid global_log_level assigned by user. Falling back on the default_log_level "Info"<br>Warning: Invalid global_log_format supplied by user or format length exceeded limit of "128" characters. Falling back on default log_format "[%i] %t - (%f:%l) <%d> (%n) -- "<br>
Warning: Output_interface not supplied by user. Falling back on default_output_interface "Console"<br>[26040] 11/1/2010 -- 08:39:17 - (suricata.c:425) <Info> (main) -- This is Suricata version 0.8.0<br>*** glibc detected *** suricata: free(): invalid pointer: 0xb7edc2a1 ***<br>
======= Backtrace: =========<br>/lib/tls/i686/cmov/libc.so.6[0xb7e1aa85]<br>/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7e1e4f0]<br>suricata[0x80a725a]<br>suricata[0x80a741a]<br>suricata[0x804b2aa]<br>/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7dc5450]<br>
suricata[0x804a961]<br>======= Memory map: ========<br>08048000-080ca000 r-xp 00000000 08:01 91327 /usr/local/bin/suricata<br>080ca000-080cb000 rw-p 00082000 08:01 91327 /usr/local/bin/suricata<br>080cb000-08119000 rw-p 080cb000 00:00 0 [heap]<br>
b7c00000-b7c21000 rw-p b7c00000 00:00 0<br>b7c21000-b7d00000 ---p b7c21000 00:00 0<br>b7d87000-b7d91000 r-xp 00000000 08:01 1777680 /lib/libgcc_s.so.1<br>b7d91000-b7d92000 rw-p 0000a000 08:01 1777680 /lib/libgcc_s.so.1<br>
b7d99000-b7d9a000 rw-p b7d99000 00:00 0<br>b7d9a000-b7dae000 r-xp 00000000 08:01 83916 /usr/lib/libz.so.1.2.3.3<br>b7dae000-b7daf000 rw-p 00013000 08:01 83916 /usr/lib/libz.so.1.2.3.3<br>b7daf000-b7ef8000 r-xp 00000000 08:01 1777688 /lib/tls/i686/cmov/<a href="http://libc-2.7.so">libc-2.7.so</a><br>
b7ef8000-b7ef9000 r--p 00149000 08:01 1777688 /lib/tls/i686/cmov/<a href="http://libc-2.7.so">libc-2.7.so</a><br>b7ef9000-b7efb000 rw-p 0014a000 08:01 1777688 /lib/tls/i686/cmov/<a href="http://libc-2.7.so">libc-2.7.so</a><br>
b7efb000-b7efe000 rw-p b7efb000 00:00 0<br>b7efe000-b7f24000 r-xp 00000000 08:01 87668 /usr/lib/libpcre.so.3.12.1<br>b7f24000-b7f25000 rw-p 00026000 08:01 87668 /usr/lib/libpcre.so.3.12.1<br>b7f25000-b7f26000 rw-p b7f25000 00:00 0<br>
b7f26000-b7f41000 r-xp 00000000 08:01 565249 /usr/local/lib/libyaml-0.so.2.0.1<br>b7f41000-b7f42000 rw-p 0001a000 08:01 565249 /usr/local/lib/libyaml-0.so.2.0.1<br>b7f42000-b7f56000 r-xp 00000000 08:01 1777702 /lib/tls/i686/cmov/<a href="http://libpthread-2.7.so">libpthread-2.7.so</a><br>
b7f56000-b7f58000 rw-p 00013000 08:01 1777702 /lib/tls/i686/cmov/<a href="http://libpthread-2.7.so">libpthread-2.7.so</a><br>b7f58000-b7f5a000 rw-p b7f58000 00:00 0<br>b7f5a000-b7f60000 r-xp 00000000 08:01 88329 /usr/lib/libnfnetlink.so.0.2.0<br>
b7f60000-b7f61000 rw-p 00005000 08:01 88329 /usr/lib/libnfnetlink.so.0.2.0<br>b7f61000-b7f63000 r-xp 00000000 08:01 88309 /usr/lib/libnetfilter_queue.so.1.1.0<br>b7f63000-b7f64000 rw-p 00001000 08:01 88309 /usr/lib/libnetfilter_queue.so.1.1.0<br>
b7f64000-b7f77000 r-xp 00000000 08:01 89678 /usr/lib/libnet.so.1.3.0<br>b7f77000-b7f78000 rw-p 00013000 08:01 89678 /usr/lib/libnet.so.1.3.0<br>b7f78000-b7f7a000 rw-p b7f78000 00:00 0<br>b7f7a000-b7f97000 r-xp 00000000 08:01 87729 /usr/lib/libpcap.so.0.7.2<br>
b7f97000-b7f98000 rw-p 0001d000 08:01 87729 /usr/lib/libpcap.so.0.7.2<br>b7f98000-b7fa6000 r-xp 00000000 08:01 88130 /usr/lib/libhtp-0.1.so.1.0.2<br>b7fa6000-b7fa7000 rw-p 0000e000 08:01 88130 /usr/lib/libhtp-0.1.so.1.0.2<br>
b7fac000-b7fb0000 rw-p b7fac000 00:00 0<br>b7fb0000-b7fb1000 r-xp b7fb0000 00:00 0 [vdso]<br>b7fb1000-b7fcb000 r-xp 00000000 08:01 1779190 /lib/<a href="http://ld-2.7.so">ld-2.7.so</a><br>b7fcb000-b7fcd000 rw-p 00019000 08:01 1779190 /lib/<a href="http://ld-2.7.so">ld-2.7.so</a><br>
bffc9000-bffde000 rw-p bffeb000 00:00 0 [stack]<br>Aborted<br><br>Running Ubuntu 8.04 server <br><br><br>I will be pleased for any help <br><br>thanks in advance <br><font color="#888888">Ihab El Bakri <br> </font><div>
<br><hr>Windows Live Hotmail: <a href="http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009">Your friends can get your Facebook updates, right from HotmailŪ.</a></div>
</div>
<br>_______________________________________________<br>
Oisf-users mailing list<br>
<a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br></blockquote></div><br> <br></div></div><hr>Windows Live: <a href="http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010">Friends get your Flickr, Yelp, and Digg updates when they e-mail you.</a></div>
</blockquote></div><br> <br><hr>Windows Live: Keep your friends up to date <a href="http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010">with what you do online.</a> <br /><hr />Windows Live Hotmail: <a href='http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009' target='_new'>Your friends can get your Facebook updates, right from HotmailŪ.</a></body>
</html>