[Oisf-users] FreeBSD 8.0 (suricata.c:636) <Error> (main) -- [ERRCODE: SC_ERR_MULTIPLE_RUN_MODE(124)]
Shant Kassardjian
shant at skylab.ca
Fri Jul 30 15:27:55 UTC 2010
Hello Eric,
Thank you for your reply, I am a bit confused as to which interface suricata monitors traffic on? I have the bridge0 interface configured for (em1, em2, ... em5) 5 sub interfaces and em0 which is my uplink interface.
I though with -i em0 -d 8000 it would listen for traffic passing only through em0 and divert them to ipfw.
Can you please explain if I don't specify an interface with -i em0 which interface will suricata pick to monitor traffic? Will suricata pass all the traffic from the kernel to the ipfw divert socket with the -d option?
Many thanks.
Regards,
Shant K
> Subject: Re: [Oisf-users] FreeBSD 8.0 (suricata.c:636) <Error> (main) -- [ERRCODE: SC_ERR_MULTIPLE_RUN_MODE(124)]
> From: eleblond at edenwall.com
> To: shant at skylab.ca
> CC: oisf-users at openinfosecfoundation.org
> Date: Fri, 30 Jul 2010 09:17:12 +0200
>
> Hi,
>
> Le vendredi 30 juillet 2010 à 02:56 +0000, Shant Kassardjian a écrit :
> > Hello,
> >
> >
> > I can't seem to start suricata on FreeBSD 8.0
> >
> >
> > I have compiled with ./configure --enable-profiling --enable-ipfw
> ...
> >
> > # suricata -c /usr/local/etc/suricata/suricata.yaml -i em0 -d 8000
> > [100183] 29/7/2010 -- 22:48:49 - (suricata.c:403) <Info> (main) --
> > This is Suricata version 1.0.1
> > [100183] 29/7/2010 -- 22:48:49 - (suricata.c:636) <Error> (main) --
> > [ERRCODE: SC_ERR_MULTIPLE_RUN_MODE(124)] - more than one run mode has
> > been specified
> > ...
> >
> >
> >
> > Any idea what went wrong? error message doesn't say much..
>
> It tell correctly the error ;)
>
> You've runned with options :
> - -i em0 which enable pcap on em0
> - -d 8000 you divert packet from rule 8000
> Thus you've got multiple run mode instead on one. You need to choose
> one.
>
> BR,
> --
> Éric Leblond, eleblond at edenwall.com
> Téléphone : +33 1 40 24 65 04, Fax : +33 9 57 21 48 75
> EdenWall, http://www.edenwall.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20100730/c68f0b35/attachment-0002.html>
More information about the Oisf-users
mailing list