[Oisf-users] FreeBSD 8.0 (suricata.c:636) <Error> (main) -- [ERRCODE: SC_ERR_MULTIPLE_RUN_MODE(124)]

Shant Kassardjian shant at skylab.ca
Fri Jul 30 15:27:55 UTC 2010


Hello Eric,

Thank you for your reply, I am a bit confused as to which interface suricata monitors traffic on? I have the bridge0 interface configured for (em1, em2, ... em5) 5 sub interfaces and em0 which is my uplink interface.

I though with -i em0 -d 8000 it would listen for traffic passing only through em0 and divert them to ipfw.

Can you please explain if I don't specify an interface with -i em0 which interface will suricata pick to monitor traffic? Will suricata pass all the traffic from the kernel to the ipfw divert socket with the -d option?

Many thanks.

Regards,
Shant K


> Subject: Re: [Oisf-users] FreeBSD 8.0 (suricata.c:636) <Error> (main) --	[ERRCODE: SC_ERR_MULTIPLE_RUN_MODE(124)]
> From: eleblond at edenwall.com
> To: shant at skylab.ca
> CC: oisf-users at openinfosecfoundation.org
> Date: Fri, 30 Jul 2010 09:17:12 +0200
> 
> Hi,
> 
> Le vendredi 30 juillet 2010 à 02:56 +0000, Shant Kassardjian a écrit :
> > Hello,
> > 
> > 
> > I can't seem to start suricata on FreeBSD 8.0
> > 
> > 
> > I have compiled with  ./configure --enable-profiling --enable-ipfw  
> ...
> > 
> > # suricata -c /usr/local/etc/suricata/suricata.yaml -i em0 -d 8000  
> > [100183] 29/7/2010 -- 22:48:49 - (suricata.c:403) <Info> (main) --
> > This is Suricata version 1.0.1
> > [100183] 29/7/2010 -- 22:48:49 - (suricata.c:636) <Error> (main) --
> > [ERRCODE: SC_ERR_MULTIPLE_RUN_MODE(124)] - more than one run mode has
> > been specified
> > ...
> > 
> > 
> > 
> > Any idea what went wrong? error message doesn't say much..
> 
> It tell correctly the error ;)
> 
> You've runned with options :
>  - -i em0 which enable pcap on em0
>  - -d 8000 you divert packet from rule 8000
> Thus you've got multiple run mode instead on one. You need to choose
> one.
> 
> BR,
> -- 
> Éric Leblond, eleblond at edenwall.com
> Téléphone : +33 1 40 24 65 04, Fax : +33 9 57 21 48 75
> EdenWall, http://www.edenwall.com
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20100730/c68f0b35/attachment-0002.html>


More information about the Oisf-users mailing list