[Oisf-users] Error running inline mode
Anas.B
a.bouhsaina at gmail.com
Mon Jun 7 15:27:33 UTC 2010
Maybe you're right,
for me the command *#suricata -c /etc/suricata/suricata.yaml -q 0* outputs at the end:
[4160] 7/6/2010 -- 16:22:10 - (tm-threads.c:1362) <Info> (TmThreadWaitOnThreadInit) -- all 7 packet processing threads, 3 management threads initialized, engine started.
What does it mean?
I'm like you, I'm trying suricata for the first time
2010/6/7 Martin Spinassi <martins.listz at gmail.com>
> Anas,
>
> Thanks for the link.
>
> Yes, I've seen that one, but it doesn't seem to be for inline mode, as
> it uses the option "-i eth0" to capture the packets. Correct me if I'm
> wrong please.
>
> Regards,
>
> Martin
>
> On Mon, 2010-06-07 at 16:15 +0100, Anas.B wrote:
> > Hi
> >
> > Did you see this:
> >
> >
> > http://www.inliniac.net/blog/2010/05/10/setting-up-suricata-0-9-0-for-initial-use-on-ubuntu-lucid-10-04.html
> >
> > 2010/6/7 Martin Spinassi <martins.listz at gmail.com>
> > Will,
> >
> > Thanks for your reply.
> >
> > Here is my uname -a
> >
> > Linux server 2.6.32-trunk-686 #1 SMP Sun Jan 10 06:32:16 UTC 2010 i686 GNU/Linux
> >
> > And my "lsmod" output:
> >
> > Module Size Used by
> > xt_NFQUEUE 1565 2
> > nfnetlink_queue 5093 0
> > nfnetlink 1798 1 nfnetlink_queue
> > decnet 48505 0 [permanent]
> > xt_tcpudp 1743 2
> > iptable_filter 1790 1
> > ip_tables 7690 1 iptable_filter
> > x_tables 8335 3 xt_NFQUEUE,xt_tcpudp,ip_tables
> > ip_queue 3766 0
> > loop 9721 0
> > snd_intel8x0 19523 0
> > snd_ac97_codec 79136 1 snd_intel8x0
> > ac97_bus 710 1 snd_ac97_codec
> > snd_pcm 47350 2 snd_intel8x0,snd_ac97_codec
> > snd_timer 12258 1 snd_pcm
> > snd 33551 4 snd_intel8x0,snd_ac97_codec,snd_pcm,snd_timer
> > soundcore 3450 1 snd
> > shpchp 21220 0
> > parport_pc 15799 0
> > sis_agp 3145 1
> > pcspkr 1207 0
> > evdev 5609 3
> > parport 22554 1 parport_pc
> > snd_page_alloc 4977 2 snd_intel8x0,snd_pcm
> > pci_hotplug 18065 1 shpchp
> > agpgart 19516 1 sis_agp
> > button 3598 0
> > processor 25803 0
> > ext3 93828 6
> > jbd 31965 1 ext3
> > mbcache 3762 1 ext3
> > ide_cd_mod 21044 0
> > ide_gd_mod 17103 10
> > cdrom 26487 1 ide_cd_mod
> > ata_generic 2015 0
> > ohci_hcd 16804 0
> > ide_pci_generic 1924 0
> > sata_sis 2734 0
> > pata_sis 1538 1 sata_sis
> > 8139cp 13285 0
> > libata 113728 3 ata_generic,sata_sis,pata_sis
> > thermal 9206 0
> > sis5513 4888 8
> > ehci_hcd 27230 0
> > floppy 40923 0
> > 8139too 14849 0
> > scsi_mod 101073 1 libata
> > sis900 13731 0
> > mii 2714 3 8139cp,8139too,sis900
> > thermal_sys 9378 2 processor,thermal
> > usbcore 97930 3 ohci_hcd,ehci_hcd
> > nls_base 4541 1 usbcore
> > ide_core 63850 4 ide_cd_mod,ide_gd_mod,ide_pci_generic,sis5513
> >
> >
> > Thanks for your support!
> >
> > Regards,
> >
> > Martin
> >
> >
> > On Mon, 2010-06-07 at 09:59 -0500, Will Metcalf wrote:
> > > can you send output of lsmod and uname -a
> > >
> > > Regards,
> > >
> > > Will
> > >
> > > On Mon, Jun 7, 2010 at 9:53 AM, Martin Spinassi <martins.listz at gmail.com> wrote:
> > > > Hi list,
> > > >
> > > > I'm trying suricata for my first time, but I'm having some issues on
> > > > inline mode.
> > > >
> > > > This is part of the output of
> > > >
> > > > root@server# suricata -c /etc/suricata/suricata-debian.yaml -q 0
> > > >
> > > >
> > > > <snip>
> > > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:282) <Info> (StreamTcpInitConfig) -- stream "max_sessions": 262144
> > > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:294) <Info> (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
> > > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:302) <Info> (StreamTcpInitConfig) -- stream "memcap": 67108864
> > > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:309) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
> > > > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:317) <Info> (StreamTcpInitConfig) -- stream "async_oneside": disabled
> > > > [11657] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Detect1" Module to cpu/core 0, thread id 11657
> > > > [11658] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Verdict" Module to cpu/core 0, thread id 11658
> > > > [11659] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "RespondReject" Module to cpu/core 0, thread id 11659
> > > > [11660] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Outputs" Module to cpu/core 0, thread id 11660
> > > > [11656] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Stream1" Module to cpu/core 0, thread id 11656
> > > > [11655] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Decode1" Module to cpu/core 0, thread id 11655
> > > > [11654] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "ReceiveNFQ" Module to cpu/core 0, thread id 11654
> > > > [11654] 7/6/2010 -- 11:47:40 - (source-nfq.c:241) <Error> (NFQInitThread) -- [ERRCODE: SC_ERR_NFQ_UNBIND(67)] - nfq_unbind_pf() for AF_INET failed
> > > >
> > > >
> > > > I googled it for a while, but I don't get anything but source code of
> > > > suricata.
> > > >
> > > >
> > > > Any link/suggestion is very appreciated.
> > > > Thanks!
> > > >
> > > > Martin
> > > >
> > > >
> > > > _______________________________________________
> > > > Oisf-users mailing list
> > > > Oisf-users at openinfosecfoundation.org
> > > >
> >
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > > >