[Oisf-users] suricata running error

Ihab el Bakri ihab.elbakri at hotmail.com
Mon Jan 11 14:18:31 UTC 2010
Thanks a lot, works now!

mkdir /var/log/suricata

Is the use of the inline mode analogous to snort_inline?
Is it possible to use Suricata for monitoring a multi-Gb/s network without GPU help, running on a Quad-Core AMD Opteron 2350 with 4 GB of RAM, without network performance leakage?


Best regards,
 
Ihab 


Date: Mon, 11 Jan 2010 08:07:04 -0600
Subject: Re: [Oisf-users] suricata running error
From: william.metcalf at gmail.com
To: ihab.elbakri at hotmail.com

Yes, that is a bad error message; it has been fixed in the latest version of the code in the git repo. It means that your log directory doesn't exist.

mkdir /var/log/suricata

or use -l to specify a directory where you have write permissions.


Regards,

Will
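As an added example (not part of the thread), a POSIX sh pre-flight script that checks the log directory Will refers to and recognises the "initdata" argument NULL lines from Ihab's output; the /var/log/suricata default and the $HOME/suricata-logs fallback are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight check for the failure Will
# diagnoses above. Every alert output module (AlertFastlog, UnifiedLog,
# Unified2Alert, DebugLog) fails with '"initdata" argument NULL' when the
# log directory cannot be opened, so check the directory before starting.
# Assumed paths: /var/log/suricata (default) and $HOME/suricata-logs (fallback).

# 0: DIR exists and is writable; 1: DIR is missing; 2: DIR is not writable.
check_log_dir() {
    [ -d "$1" ] || return 1
    [ -w "$1" ] || return 2
    return 0
}

# Reads Suricata console output on stdin. Returns 0 and prints a hint when
# it contains the output-module init failure quoted in the thread, else 1.
diagnose_init_failure() {
    if grep -q 'Error getting context for .*"initdata" argument NULL'; then
        echo 'output module init failed: log dir missing or unwritable; mkdir it or pass -l <dir>'
        return 0
    fi
    return 1
}

# Prints the directory to pass with -l: DEFAULT when usable, otherwise
# FALLBACK (created if needed). Returns 1 when neither can be written to.
pick_log_dir() {
    default="${1:-/var/log/suricata}"
    fallback="${2:-$HOME/suricata-logs}"
    if check_log_dir "$default"; then
        echo "$default"
        return 0
    fi
    mkdir -p "$fallback" 2>/dev/null && [ -w "$fallback" ] || return 1
    echo "$fallback"
}

# Sample input: one of the error lines Ihab posted, embedded here so the
# script runs offline.
SAMPLE_LOG='[26142] 11/1/2010 -- 08:55:34 - (alert-fastlog.c:171) <Error> (AlertFastlogThreadInit) -- [ERRCODE: SC_ERR_FAST_LOG_GENERIC_ERROR(58)] - Error getting context for AlertFastLog.  "initdata" argument NULL'

printf '%s\n' "$SAMPLE_LOG" | diagnose_init_failure
check_log_dir /var/log/suricata ||
    echo "/var/log/suricata not usable (rc=$?): mkdir it or start with -l <writable dir>"
```

Once pick_log_dir prints a usable directory, start the engine with `-l "$(pick_log_dir)"` in addition to the -c, -i and -s options used in the thread.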

On Mon, Jan 11, 2010 at 8:03 AM, Ihab el Bakri <ihab.elbakri at hotmail.com> wrote:
Tried with suricata -c suricata.yaml -i eth1 -s /etc/snort/rules/x11.rules
Another error:

[26132] 11/1/2010 -- 08:55:34 - (detect.c:2555) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... done
[26133] 11/1/2010 -- 08:55:34 - (source-pcap.c:235) <Info> (ReceivePcapThreadInit) -- using interface eth1
[26142] 11/1/2010 -- 08:55:34 - (alert-fastlog.c:171) <Error> (AlertFastlogThreadInit) -- [ERRCODE: SC_ERR_FAST_LOG_GENERIC_ERROR(58)] - Error getting context for AlertFastLog.  "initdata" argument NULL
[26143] 11/1/2010 -- 08:55:34 - (alert-unified-log.c:224) <Error> (AlertUnifiedLogThreadInit) -- [ERRCODE: SC_ERR_UNIFIED_LOG_GENERIC_ERROR(60)] - Error getting context for UnifiedLog.  "initdata" argument NULL
[26144] 11/1/2010 -- 08:55:34 - (alert-unified2-alert.c:495) <Error> (Unified2AlertThreadInit) -- [ERRCODE: SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR(63)] - Error getting context for Unified2Alert.  "initdata" argument NULL
[26145] 11/1/2010 -- 08:55:34 - (alert-debuglog.c:198) <Error> (AlertDebuglogThreadInit) -- [ERRCODE: SC_ERR_DEBUG_LOG_GENERIC_ERROR(59)] - Error getting context for DebugLog.  "initdata" argument NULL
Thread "AlertFastlog&Httplog" closed on initialization...
ERROR: Engine initialization failed, aborting...

Best Regards,
 
Ihab 

Date: Mon, 11 Jan 2010 07:49:58 -0600
Subject: Re: [Oisf-users] suricata running error

From: william.metcalf at gmail.com
To: ihab.elbakri at hotmail.com
CC: oisf-users at openinfosecfoundation.org


Well, it looks like there is a bug there for sure, although you are specifying the configuration file multiple times.

suricata -c suricata.yaml -i eth1 -c /etc/snort/rules/x11.rules


should be ....

suricata -c suricata.yaml -i eth1 -s /etc/snort/rules/x11.rules


I will check in a bug for the other...

Regards,

Will



gdb /usr/local/bin/suricata 
On Mon, Jan 11, 2010 at 7:42 AM, Ihab el Bakri <ihab.elbakri at hotmail.com> wrote:
Hello there,
I am having trouble running Suricata with a rules file; every time I start Suricata I get this message:


root at test:~/suricata-current# suricata -c suricata.yaml -i eth1 -c /etc/snort/rules/x11.rules

Warning: Invalid global_log_level assigned by user.  Falling back on the default_log_level "Info"
Warning: Invalid global_log_format supplied by user or format length exceeded limit of "128" characters.  Falling back on default log_format "[%i] %t - (%f:%l) <%d> (%n) -- "
Warning: Output_interface not supplied by user.  Falling back on default_output_interface "Console"
[26040] 11/1/2010 -- 08:39:17 - (suricata.c:425) <Info> (main) -- This is Suricata version 0.8.0
*** glibc detected *** suricata: free(): invalid pointer: 0xb7edc2a1 ***

======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7e1aa85]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7e1e4f0]
suricata[0x80a725a]
suricata[0x80a741a]
suricata[0x804b2aa]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7dc5450]
suricata[0x804a961]
======= Memory map: ========
Aborted

Running Ubuntu 8.04 server 


I would be grateful for any help.

Thanks in advance,
Ihab El Bakri
_______________________________________________
Oisf-users mailing list
Oisf-users at openinfosecfoundation.org
http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users