[Oisf-users] Suricata don't operate in Inline mode(-q option) on Fedora 14 box

Pablo pablo.rincon.crespo at gmail.com
Thu Apr 14 15:01:52 UTC 2011


Hi all,

you might also find it useful to check the thread "A question about using
suricata as an IPS" here:

http://lists.openinfosecfoundation.org/pipermail/oisf-users/2011-April/subject.html

It's a common mistake to try to use 2 different sources when using inline mode.


2011/4/14 Victor Julien <victor at inliniac.net>:
> On 04/14/2011 11:01 AM, 김윤기 wrote:
>> suricata -c /etc/suricata/suricata.yaml -i eth0 -q 0
>>
>> But I get the following error
>> ----------------------------------------------------------------------------------------------------------------------------
>> [4997] 14/4/2011 -- 17:48:58 - (suricata.c:551) <Info> (main) -- This is
>> Suricata version 1.1beta2 (rev d9e5413)
>> [4997] 14/4/2011 -- 17:48:58 - (suricata.c:816) <Error> (main) -- [ERRCODE:
>> SC_ERR_MULTIPLE_RUN_MODE(124)] - more than one run mode has been specified
>>
>> But without the -q option it's OK (disable inline)
>> suricata -c /etc/suricata/suricata.yaml -i eth0
>>
>> What's wrong?
>
> You're mixing inline mode (-q 0) with passive ids mode (-i eth0). Just
> use -q 0 and it will read packets from iptables.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>



-- 

Best regards,

--
Pablo Rincón Crespo
Security researcher and developer
Open Information Security Foundation - http://www.openinfosecfoundation.org
Emerging Threats Pro, INC - http://www.emergingthreatspro.com
@PabloForThePPL
------------------------------------
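
A pre-flight check for the mistake discussed in this thread, as an added example that is not part of the original messages or of Suricata itself: it rejects a command line that names more than one kind of capture source and confirms that an iptables rule feeds the NFQUEUE number given to -q. The function names and the sample rule set are constructed for illustration, and -r (pcap file) is included as a third source beyond the two in the thread.

```shell
#!/bin/sh
# Added example: pre-flight checks before starting Suricata inline on NFQUEUE.

# check_single_source ARGS...: fail when the argument list names more than
# one kind of capture source (-i live pcap, -q NFQUEUE, -r pcap file).
check_single_source() {
    seen=""
    for arg in "$@"; do
        case "$arg" in
            -i|-q|-r)
                case " $seen " in
                    *" $arg "*) ;;              # same kind repeated: not a conflict
                    *) seen="$seen $arg" ;;
                esac ;;
        esac
    done
    set -- $seen
    if [ "$#" -gt 1 ]; then
        echo "conflict: capture sources given:$seen" >&2
        return 1
    fi
    return 0
}

# queue_has_rule QUEUE: read `iptables -S` output on stdin and succeed when
# some rule jumps to NFQUEUE with that queue number.
queue_has_rule() {
    awk -v q="$1" '
        {
            target = ""; num = "0"    # NFQUEUE uses queue 0 when --queue-num is absent
            for (i = 1; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--queue-num") num = $(i + 1)
            }
            if (target == "NFQUEUE" && num == q) found = 1
        }
        END { exit !found }'
}

# Constructed sample of `iptables -S` output (not taken from the thread).
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-A FORWARD -j NFQUEUE --queue-num 0'

# The failing command line from the thread, then the corrected one.
check_single_source -c /etc/suricata/suricata.yaml -i eth0 -q 0 || echo "rejected"
check_single_source -c /etc/suricata/suricata.yaml -q 0 && echo "accepted"
printf '%s\n' "$SAMPLE_RULES" | queue_has_rule 0 && echo "queue 0 is fed by iptables"
# On a live host: iptables -S | queue_has_rule 0   (add -t mangle if the rule lives there)
```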


