<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr">Does that take into consideration settings in suricata.yaml when starting Suricata that way?</div><div dir="ltr"><br><blockquote type="cite">On Jan 23, 2020, at 1:03 AM, Peter Manev &lt;petermanev@gmail.com&gt; wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jan 23, 2020 at 8:18 AM Leonard Jacobs <<a href="mailto:ljacobs@netsecuris.com">ljacobs@netsecuris.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>I do not want to use af-packet mode. This sensor is not in-line. It is on a span port. I want af-packet disabled.<div><br></div></div></blockquote><div><br></div><div><br></div><div>You can try <br>sudo suricata -i eth0 --runmode=autofp<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div></div><div>I installed it with a PPA.</div><div><br></div><div>Thanks.</div><div><br></div><div>Leonard<br><br><br><div><strong>
From:
</strong>
Andreas Herz <<a href="mailto:andi@geekosphere.org" target="_blank">andi@geekosphere.org</a>>
<br>
<strong>
To:
</strong>
<<a href="mailto:oisf-users@lists.openinfosecfoundation.org" target="_blank">oisf-users@lists.openinfosecfoundation.org</a>>
<br>
<strong>
Sent:
</strong>
1/22/2020 5:17 PM
<br>
<strong>
Subject:
</strong>
Re: [Oisf-users] Getting Errors on Suricata Startup
<br><br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Leonard,<br><br>first of all, please reply to the mailing list, not to me directly.<br><br>On 22/01/20 at 15:20, Leonard Jacobs wrote:<br>> If I run Suricata in daemon mode I don’t get the error. Except sometimes I get a pid file error if I don’t delete /var/run/Suricata.pid file first.<br><br>This is another issue but should be handled by the way the mode is run<br>from your system to take care of those pid files.<br><br>> I get the error below when running sudo /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eno2 &.<br>> <br>> I have attached the Suricata.yaml file.<br><br>I would suggest you add some configuration settings to the af-packet<br>interface settings in the configuration file, ideally with interface<br>eno2 or at least for a default interface. Currently no af-packet<br>settings are in your config file.<br><br>Andi<br><br>-- <br>Andreas Herz<br>_______________________________________________<br>Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br><br>Conference: <a href="https://suricon.net" target="_blank">https://suricon.net</a><br>Trainings: <a href="https://suricata-ids.org/training/" target="_blank">https://suricata-ids.org/training/</a></blockquote></div></div></div>_______________________________________________<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div>Regards,</div>
<div>Peter Manev</div></div></div>
</div></blockquote></body></html>