[Oisf-users] Error running inline mode

Anas.B a.bouhsaina at gmail.com
Mon Jun 7 15:15:24 UTC 2010


Hi

Did you see this:

http://www.inliniac.net/blog/2010/05/10/setting-up-suricata-0-9-0-for-initial-use-on-ubuntu-lucid-10-04.html

2010/6/7 Martin Spinassi <martins.listz at gmail.com>

> Will,
>
> Thanks for your reply.
>
> Here is my uname -a
>
> Linux server 2.6.32-trunk-686 #1 SMP Sun Jan 10 06:32:16 UTC 2010 i686 GNU/Linux
>
> And my "lsmod" output:
>
> Module                  Size  Used by
> xt_NFQUEUE              1565  2
> nfnetlink_queue         5093  0
> nfnetlink               1798  1 nfnetlink_queue
> decnet                 48505  0 [permanent]
> xt_tcpudp               1743  2
> iptable_filter          1790  1
> ip_tables               7690  1 iptable_filter
> x_tables                8335  3 xt_NFQUEUE,xt_tcpudp,ip_tables
> ip_queue                3766  0
> loop                    9721  0
> snd_intel8x0           19523  0
> snd_ac97_codec         79136  1 snd_intel8x0
> ac97_bus                 710  1 snd_ac97_codec
> snd_pcm                47350  2 snd_intel8x0,snd_ac97_codec
> snd_timer              12258  1 snd_pcm
> snd                    33551  4 snd_intel8x0,snd_ac97_codec,snd_pcm,snd_timer
> soundcore               3450  1 snd
> shpchp                 21220  0
> parport_pc             15799  0
> sis_agp                 3145  1
> pcspkr                  1207  0
> evdev                   5609  3
> parport                22554  1 parport_pc
> snd_page_alloc          4977  2 snd_intel8x0,snd_pcm
> pci_hotplug            18065  1 shpchp
> agpgart                19516  1 sis_agp
> button                  3598  0
> processor              25803  0
> ext3                   93828  6
> jbd                    31965  1 ext3
> mbcache                 3762  1 ext3
> ide_cd_mod             21044  0
> ide_gd_mod             17103  10
> cdrom                  26487  1 ide_cd_mod
> ata_generic             2015  0
> ohci_hcd               16804  0
> ide_pci_generic         1924  0
> sata_sis                2734  0
> pata_sis                1538  1 sata_sis
> 8139cp                 13285  0
> libata                113728  3 ata_generic,sata_sis,pata_sis
> thermal                 9206  0
> sis5513                 4888  8
> ehci_hcd               27230  0
> floppy                 40923  0
> 8139too                14849  0
> scsi_mod              101073  1 libata
> sis900                 13731  0
> mii                     2714  3 8139cp,8139too,sis900
> thermal_sys             9378  2 processor,thermal
> usbcore                97930  3 ohci_hcd,ehci_hcd
> nls_base                4541  1 usbcore
> ide_core               63850  4 ide_cd_mod,ide_gd_mod,ide_pci_generic,sis5513
>
>
> Thanks for your support!
>
> Regards,
>
> Martin
>
> On Mon, 2010-06-07 at 09:59 -0500, Will Metcalf wrote:
> > can you send output of lsmod and uname -a
> >
> > Regards,
> >
> > Will
> >
> > On Mon, Jun 7, 2010 at 9:53 AM, Martin Spinassi <martins.listz at gmail.com> wrote:
> > > Hi list,
> > >
> > > I'm trying suricata for my first time, but I'm having some issues on
> > > inline mode.
> > >
> > > This is part of the output of
> > >
> > > root@server# suricata -c /etc/suricata/suricata-debian.yaml -q 0
> > >
> > >
> > > <snip>
> > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:282) <Info>
> > > (StreamTcpInitConfig) -- stream "max_sessions": 262144
> > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:294) <Info>
> > > (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
> > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:302) <Info>
> > > (StreamTcpInitConfig) -- stream "memcap": 67108864
> > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:309) <Info>
> > > (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
> > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:317) <Info>
> > > (StreamTcpInitConfig) -- stream "async_oneside": disabled
> > > [11657] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info>
> > > (TmThreadSetupOptions) -- Setting affinity for "Detect1" Module to
> > > cpu/core 0, thread id 11657
> > > [11658] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info>
> > > (TmThreadSetupOptions) -- Setting affinity for "Verdict" Module to
> > > cpu/core 0, thread id 11658
> > > [11659] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info>
> > > (TmThreadSetupOptions) -- Setting affinity for "RespondReject" Module to
> > > cpu/core 0, thread id 11659
> > > [11660] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info>
> > > (TmThreadSetupOptions) -- Setting affinity for "Outputs" Module to
> > > cpu/core 0, thread id 11660
> > > [11656] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info>
> > > (TmThreadSetupOptions) -- Setting affinity for "Stream1" Module to
> > > cpu/core 0, thread id 11656
> > > [11655] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info>
> > > (TmThreadSetupOptions) -- Setting affinity for "Decode1" Module to
> > > cpu/core 0, thread id 11655
> > > [11654] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info>
> > > (TmThreadSetupOptions) -- Setting affinity for "ReceiveNFQ" Module to
> > > cpu/core 0, thread id 11654
> > > [11654] 7/6/2010 -- 11:47:40 - (source-nfq.c:241) <Error>
> > > (NFQInitThread) -- [ERRCODE: SC_ERR_NFQ_UNBIND(67)] - nfq_unbind_pf()
> > > for AF_INET failed
> > >
> > >
> > > I googled it for a while, but I don't get anything but source code of
> > > suricata.
> > >
> > >
> > > Any link/suggestion is very appreciated.
> > > Thanks!
> > >
> > > Martin
> > >
> > >
> > > _______________________________________________
> > > Oisf-users mailing list
> > > Oisf-users at openinfosecfoundation.org
> > > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > >
>
>