[Oisf-users] Error running inline mode

Martin Spinassi martins.listz at gmail.com
Mon Jun 7 15:24:13 UTC 2010


Anas,

Thanks for the link.

Yes, I've seen that one, but it doesn't seem to be for inline mode, as
it uses the option "-i eth0" to capture the packets. Correct me if I'm
wrong please.

Regards,

Martin

On Mon, 2010-06-07 at 16:15 +0100, Anas.B wrote:
> Hi
> 
> Did you see this:
> 
> http://www.inliniac.net/blog/2010/05/10/setting-up-suricata-0-9-0-for-initial-use-on-ubuntu-lucid-10-04.html
> 
> 2010/6/7 Martin Spinassi <martins.listz at gmail.com>
>         Will,
>         
>         Thanks for your reply.
>         
>         Here is my uname -a
>         
>         Linux server 2.6.32-trunk-686 #1 SMP Sun Jan 10 06:32:16 UTC 2010 i686 GNU/Linux
>         
>         And my "lsmod" output:
>         
>         Module                  Size  Used by
>         xt_NFQUEUE              1565  2
>         nfnetlink_queue         5093  0
>         nfnetlink               1798  1 nfnetlink_queue
>         decnet                 48505  0 [permanent]
>         xt_tcpudp               1743  2
>         iptable_filter          1790  1
>         ip_tables               7690  1 iptable_filter
>         x_tables                8335  3 xt_NFQUEUE,xt_tcpudp,ip_tables
>         ip_queue                3766  0
>         loop                    9721  0
>         snd_intel8x0           19523  0
>         snd_ac97_codec         79136  1 snd_intel8x0
>         ac97_bus                 710  1 snd_ac97_codec
>         snd_pcm                47350  2 snd_intel8x0,snd_ac97_codec
>         snd_timer              12258  1 snd_pcm
>         snd                    33551  4 snd_intel8x0,snd_ac97_codec,snd_pcm,snd_timer
>         soundcore               3450  1 snd
>         shpchp                 21220  0
>         parport_pc             15799  0
>         sis_agp                 3145  1
>         pcspkr                  1207  0
>         evdev                   5609  3
>         parport                22554  1 parport_pc
>         snd_page_alloc          4977  2 snd_intel8x0,snd_pcm
>         pci_hotplug            18065  1 shpchp
>         agpgart                19516  1 sis_agp
>         button                  3598  0
>         processor              25803  0
>         ext3                   93828  6
>         jbd                    31965  1 ext3
>         mbcache                 3762  1 ext3
>         ide_cd_mod             21044  0
>         ide_gd_mod             17103  10
>         cdrom                  26487  1 ide_cd_mod
>         ata_generic             2015  0
>         ohci_hcd               16804  0
>         ide_pci_generic         1924  0
>         sata_sis                2734  0
>         pata_sis                1538  1 sata_sis
>         8139cp                 13285  0
>         libata                113728  3 ata_generic,sata_sis,pata_sis
>         thermal                 9206  0
>         sis5513                 4888  8
>         ehci_hcd               27230  0
>         floppy                 40923  0
>         8139too                14849  0
>         scsi_mod              101073  1 libata
>         sis900                 13731  0
>         mii                     2714  3 8139cp,8139too,sis900
>         thermal_sys             9378  2 processor,thermal
>         usbcore                97930  3 ohci_hcd,ehci_hcd
>         nls_base                4541  1 usbcore
>         ide_core               63850  4 ide_cd_mod,ide_gd_mod,ide_pci_generic,sis5513
>         
>         
>         Thanks for your support!
>         
>         Regards,
>         
>         Martin
>         
>         
>         On Mon, 2010-06-07 at 09:59 -0500, Will Metcalf wrote:
>         > can you send output of lsmod and uname -a
>         >
>         > Regards,
>         >
>         > Will
>         >
>         > On Mon, Jun 7, 2010 at 9:53 AM, Martin Spinassi <martins.listz at gmail.com> wrote:
>         > > Hi list,
>         > >
>         > > I'm trying suricata for the first time, but I'm having some issues on
>         > > inline mode.
>         > >
>         > > This is part of the output of
>         > >
>         > > root@server# suricata -c /etc/suricata/suricata-debian.yaml -q 0
>         > >
>         > >
>         > > <snip>
>         > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:282) <Info> (StreamTcpInitConfig) -- stream "max_sessions": 262144
>         > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:294) <Info> (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
>         > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:302) <Info> (StreamTcpInitConfig) -- stream "memcap": 67108864
>         > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:309) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
>         > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:317) <Info> (StreamTcpInitConfig) -- stream "async_oneside": disabled
>         > > [11657] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Detect1" Module to cpu/core 0, thread id 11657
>         > > [11658] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Verdict" Module to cpu/core 0, thread id 11658
>         > > [11659] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "RespondReject" Module to cpu/core 0, thread id 11659
>         > > [11660] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Outputs" Module to cpu/core 0, thread id 11660
>         > > [11656] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Stream1" Module to cpu/core 0, thread id 11656
>         > > [11655] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Decode1" Module to cpu/core 0, thread id 11655
>         > > [11654] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "ReceiveNFQ" Module to cpu/core 0, thread id 11654
>         > > [11654] 7/6/2010 -- 11:47:40 - (source-nfq.c:241) <Error> (NFQInitThread) -- [ERRCODE: SC_ERR_NFQ_UNBIND(67)] - nfq_unbind_pf() for AF_INET failed
>         > >
>         > >
>         > > I googled it for a while, but I don't get anything but source code of
>         > > suricata.
>         > >
>         > >
>         > > Any link/suggestion is very appreciated.
>         > > Thanks!
>         > >
>         > > Martin
>         > >
>         > >
>         > > _______________________________________________
>         > > Oisf-users mailing list
>         > > Oisf-users at openinfosecfoundation.org
>         > >
>         http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>         > >