<html><body><div style="color:#000; background-color:#fff; font-family:tahoma, new york, times, serif;font-size:12pt"><div><span>Thanks Victor. It worked!</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: tahoma, 'new york', times, serif; background-color: transparent; font-style: normal;"><span><br></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: tahoma, 'new york', times, serif; background-color: transparent; font-style: normal;"><span>--</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: tahoma, 'new york', times, serif; background-color: transparent; font-style: normal;"><span>Theron</span></div><div><br></div> <div style="font-family: tahoma, 'new york', times, serif; font-size: 12pt;"> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"> <div dir="ltr"> <hr size="1"> <font size="2" face="Arial"> <b><span
style="font-weight:bold;">From:</span></b> Victor Julien <lists@inliniac.net><br> <b><span style="font-weight: bold;">To:</span></b> oisf-users@openinfosecfoundation.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, April 17, 2013 10:13 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Oisf-users] Suricata startup error under OpenBSD<br> </font> </div> <div class="y_msg_container"><br>
On 04/16/2013 11:03 PM, Theron ZORBAS wrote:<br>> I'm trying to run Suricata under OpenBSD 5.3 amd64. <br>> # uname -rmsv<br>> OpenBSD 5.3 GENERIC.MP#2 amd64<br>> <br>> I've used default config and enter this command:<br>> suricata -c /etc/suricata -d 8000<br><br>Maybe a typo, but this should probably be:<br>suricata -c /etc/suricata/suricata.yaml -d 8000<br><br>> It failed with these error messages:<br>> 17/4/2013 -- 00:00:07 - <Info> - This is Suricata version 1.4.1 RELEASE<br>> 17/4/2013 -- 00:00:07 - <Info> - CPUs/cores online: 2<br>> 17/4/2013 -- 00:00:07 - <Info> - allocated 98304 bytes of memory for the<br>> defrag hash... 4096 buckets of size 24<br>> 17/4/2013 -- 00:00:07 - <Info> - defrag memory usage: 98304 bytes,<br>> maximum: 16777216<br>> 17/4/2013 -- 00:00:07 - <Info> - AutoFP mode using default "Active<br>> Packets" flow load balancer<br>> 17/4/2013 -- 00:00:07 -
<Info> - preallocated 1024 packets. Total memory<br>> 4294656<br>> 17/4/2013 -- 00:00:07 - <Info> - allocated 98304 bytes of memory for the<br>> host hash... 4096 buckets of size 24<br>> 17/4/2013 -- 00:00:07 - <Info> - preallocated 1000 hosts of size 96<br>> 17/4/2013 -- 00:00:07 - <Info> - host memory usage: 194304 bytes,<br>> maximum: 16777216<br>> 17/4/2013 -- 00:00:07 - <Info> - allocated 1572864 bytes of memory for<br>> the flow hash... 65536 buckets of size 24<br>> 17/4/2013 -- 00:00:07 - <Info> - preallocated 10000 flows of size 224<br>> 17/4/2013 -- 00:00:07 - <Info> - flow memory usage: 3812864 bytes,<br>> maximum: 33554432<br>> 17/4/2013 -- 00:00:07 - <Info> - IP reputation disabled<br>> 17/4/2013 -- 00:00:07 - <Error> - [ERRCODE: SC_ERR_ACTION_ORDER(3)] -<br>> action-order, the config didn't specify all of the actions. Please, use<br>>
"pass","drop","alert","reject". You have to specify all of them, without<br>> quotes and without capital letters<br>> <br>> But I have already have action-order parameters in it:<br>> action-order:<br>> - pass<br>> - drop<br>> - reject<br>> - alert<br><br>-- <br>---------------------------------------------<br>Victor Julien<br>http://www.inliniac.net/<br>PGP: http://www.inliniac.net/victorjulien.asc<br>---------------------------------------------<br><br>_______________________________________________<br>Suricata IDS Users mailing list: <a ymailto="mailto:oisf-users@openinfosecfoundation.org" href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/<br>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users"
target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>OISF: http://www.openinfosecfoundation.org/<br><br><br></div> </div> </div> </div></body></html>