<div dir="ltr">Maybe you're right,<br><br>for me the command <b>#suricata -c /etc/suricata/suricata.yaml -q 0
</b><br>output at the end:<br style="color: rgb(51, 0, 153);"><span style="color: rgb(51, 0, 153);">[4160] 7/6/2010 -- 16:22:10 - (tm-threads.c:1362) &lt;Info&gt; (TmThreadWaitOnThreadInit) -- all 7 packet processing threads, 3 management threads initialized, engine started.</span><br>
<br>What does it mean?<br><br>I'm like you, I'm trying Suricata for the first time<br><div class="gmail_quote"><br><br>2010/6/7 Martin Spinassi <span dir="ltr">&lt;<a href="mailto:martins.listz@gmail.com">martins.listz@gmail.com</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Anas,<br>
<br>
Thanks for the link.<br>
<br>
Yes, I've seen that one, but it doesn't seem to be for inline mode, as<br>
it uses the option "-i eth0" to capture the packets. Correct me if I'm<br>
wrong please.<br>
<br>
Regards,<br>
<font color="#888888"><br>
Martin<br>
</font><div><div></div><div class="h5"><br>
On Mon, 2010-06-07 at 16:15 +0100, Anas.B wrote:<br>
> Hi<br>
><br>
> Did you see this:<br>
><br>
> <a href="http://www.inliniac.net/blog/2010/05/10/setting-up-suricata-0-9-0-for-initial-use-on-ubuntu-lucid-10-04.html" target="_blank">http://www.inliniac.net/blog/2010/05/10/setting-up-suricata-0-9-0-for-initial-use-on-ubuntu-lucid-10-04.html</a><br>
><br>
> 2010/6/7 Martin Spinassi &lt;<a href="mailto:martins.listz@gmail.com">martins.listz@gmail.com</a>&gt;<br>
> Will,<br>
><br>
> Thanks for your reply.<br>
><br>
> Here is my uname -a<br>
><br>
> Linux server 2.6.32-trunk-686 #1 SMP Sun Jan 10 06:32:16 UTC<br>
> 2010 i686<br>
> GNU/Linux<br>
><br>
> And my "lsmod" output:<br>
><br>
> Module Size Used by<br>
> xt_NFQUEUE 1565 2<br>
> nfnetlink_queue 5093 0<br>
> nfnetlink 1798 1 nfnetlink_queue<br>
> decnet 48505 0 [permanent]<br>
> xt_tcpudp 1743 2<br>
> iptable_filter 1790 1<br>
> ip_tables 7690 1 iptable_filter<br>
> x_tables 8335 3 xt_NFQUEUE,xt_tcpudp,ip_tables<br>
> ip_queue 3766 0<br>
> loop 9721 0<br>
> snd_intel8x0 19523 0<br>
> snd_ac97_codec 79136 1 snd_intel8x0<br>
> ac97_bus 710 1 snd_ac97_codec<br>
> snd_pcm 47350 2 snd_intel8x0,snd_ac97_codec<br>
> snd_timer 12258 1 snd_pcm<br>
> snd 33551 4<br>
> snd_intel8x0,snd_ac97_codec,snd_pcm,snd_timer<br>
> soundcore 3450 1 snd<br>
> shpchp 21220 0<br>
> parport_pc 15799 0<br>
> sis_agp 3145 1<br>
> pcspkr 1207 0<br>
> evdev 5609 3<br>
> parport 22554 1 parport_pc<br>
> snd_page_alloc 4977 2 snd_intel8x0,snd_pcm<br>
> pci_hotplug 18065 1 shpchp<br>
> agpgart 19516 1 sis_agp<br>
> button 3598 0<br>
> processor 25803 0<br>
> ext3 93828 6<br>
> jbd 31965 1 ext3<br>
> mbcache 3762 1 ext3<br>
> ide_cd_mod 21044 0<br>
> ide_gd_mod 17103 10<br>
> cdrom 26487 1 ide_cd_mod<br>
> ata_generic 2015 0<br>
> ohci_hcd 16804 0<br>
> ide_pci_generic 1924 0<br>
> sata_sis 2734 0<br>
> pata_sis 1538 1 sata_sis<br>
> 8139cp 13285 0<br>
> libata 113728 3 ata_generic,sata_sis,pata_sis<br>
> thermal 9206 0<br>
> sis5513 4888 8<br>
> ehci_hcd 27230 0<br>
> floppy 40923 0<br>
> 8139too 14849 0<br>
> scsi_mod 101073 1 libata<br>
> sis900 13731 0<br>
> mii 2714 3 8139cp,8139too,sis900<br>
> thermal_sys 9378 2 processor,thermal<br>
> usbcore 97930 3 ohci_hcd,ehci_hcd<br>
> nls_base 4541 1 usbcore<br>
> ide_core 63850 4<br>
> ide_cd_mod,ide_gd_mod,ide_pci_generic,sis5513<br>
><br>
><br>
> Thanks for your support!<br>
><br>
> Regards,<br>
><br>
> Martin<br>
><br>
><br>
> On Mon, 2010-06-07 at 09:59 -0500, Will Metcalf wrote:<br>
> > can you send output of lsmod and uname -a<br>
> ><br>
> > Regards,<br>
> ><br>
> > Will<br>
> ><br>
> > On Mon, Jun 7, 2010 at 9:53 AM, Martin Spinassi<br>
> &lt;<a href="mailto:martins.listz@gmail.com">martins.listz@gmail.com</a>&gt; wrote:<br>
> > > Hi list,<br>
> > ><br>
> > > I'm trying suricata for my first time, but I'm having some<br>
> issues on<br>
> > > inline mode.<br>
> > ><br>
> > > This is part of the output of<br>
> > ><br>
> > > root@server# suricata<br>
> -c /etc/suricata/suricata-debian.yaml -q 0<br>
> > ><br>
> > ><br>
> > > &lt;snip&gt;<br>
> > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:282) &lt;Info&gt;<br>
> > > (StreamTcpInitConfig) -- stream "max_sessions": 262144<br>
> > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:294) &lt;Info&gt;<br>
> > > (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768<br>
> > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:302) &lt;Info&gt;<br>
> > > (StreamTcpInitConfig) -- stream "memcap": 67108864<br>
> > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:309) &lt;Info&gt;<br>
> > > (StreamTcpInitConfig) -- stream "midstream" session<br>
> pickups: disabled<br>
> > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:317) &lt;Info&gt;<br>
> > > (StreamTcpInitConfig) -- stream "async_oneside": disabled<br>
> > > [11657] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) &lt;Info&gt;<br>
> > > (TmThreadSetupOptions) -- Setting affinity for "Detect1"<br>
> Module to<br>
> > > cpu/core 0, thread id 11657<br>
> > > [11658] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) &lt;Info&gt;<br>
> > > (TmThreadSetupOptions) -- Setting affinity for "Verdict"<br>
> Module to<br>
> > > cpu/core 0, thread id 11658<br>
> > > [11659] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) &lt;Info&gt;<br>
> > > (TmThreadSetupOptions) -- Setting affinity for<br>
> "RespondReject" Module to<br>
> > > cpu/core 0, thread id 11659<br>
> > > [11660] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) &lt;Info&gt;<br>
> > > (TmThreadSetupOptions) -- Setting affinity for "Outputs"<br>
> Module to<br>
> > > cpu/core 0, thread id 11660<br>
> > > [11656] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) &lt;Info&gt;<br>
> > > (TmThreadSetupOptions) -- Setting affinity for "Stream1"<br>
> Module to<br>
> > > cpu/core 0, thread id 11656<br>
> > > [11655] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) &lt;Info&gt;<br>
> > > (TmThreadSetupOptions) -- Setting affinity for "Decode1"<br>
> Module to<br>
> > > cpu/core 0, thread id 11655<br>
> > > [11654] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) &lt;Info&gt;<br>
> > > (TmThreadSetupOptions) -- Setting affinity for<br>
> "ReceiveNFQ" Module to<br>
> > > cpu/core 0, thread id 11654<br>
> > > [11654] 7/6/2010 -- 11:47:40 - (source-nfq.c:241) &lt;Error&gt;<br>
> > > (NFQInitThread) -- [ERRCODE: SC_ERR_NFQ_UNBIND(67)] -<br>
> nfq_unbind_pf()<br>
> > > for AF_INET failed<br>
> > ><br>
> > ><br>
> > > I googled it for a while, but I don't get anything but<br>
> source code of<br>
> > > suricata.<br>
> > ><br>
> > ><br>
> > > Any link/suggestion is very appreciated.<br>
> > > Thanks!<br>
> > ><br>
> > > Martin<br>
> > ><br>
> > ><br>
> > > _______________________________________________<br>
> > > Oisf-users mailing list<br>
> > > <a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
> > ><br>
> <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
> > ><br>
><br>
><br>
<br>
<br>
</div></div></blockquote></div><br></div>