[Oisf-users] suricata fail to start with pcap mode if interface is not specified in command
Delta Yeh
delta.yeh at gmail.com
Thu Dec 29 12:47:33 UTC 2011
I update suricate to latest git master, run suricata with:
src/.libs/suricata --pcap -c /etc/suricata/suricata.yaml
the output is :
[2319] 29/12/2011 -- 07:46:11 - (util-device.c:113) <Info>
(LiveBuildDeviceList) -- Adding interface eth0 from config file
[2319] 29/12/2011 -- 07:46:11 - (runmode-pcap.c:123) <Info>
(ParsePcapConfig) -- Unable to find pcap config for interfaceb?
, using default
value
[2319] 29/12/2011 -- 07:46:11 - (runmode-pcap.c:228) <Info>
(RunModeIdsPcapAuto) -- RunModeIdsPcapAuto initialised
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:347) <Info>
(StreamTcpInitConfig) -- stream "max_sessions": 262144
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:359) <Info>
(StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:375) <Info>
(StreamTcpInitConfig) -- stream "memcap": 33554432
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:381) <Info>
(StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:387) <Info>
(StreamTcpInitConfig) -- stream "async_oneside": disabled
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:404) <Info>
(StreamTcpInitConfig) -- stream "checksum_validation": enabled
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:414) <Info>
(StreamTcpInitConfig) -- stream."inline": disabled
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:432) <Info>
(StreamTcpInitConfig) -- stream.reassembly "memcap": 67108864
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:450) <Info>
(StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:491) <Info>
(StreamTcpInitConfig) -- stream.reassembly "toserver_chunk_size": 2560
[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:493) <Info>
(StreamTcpInitConfig) -- stream.reassembly "toclient_chunk_size": 2560
[2322] 29/12/2011 -- 07:46:11 - (source-pcap.c:318) <Info>
(ReceivePcapThreadInit) -- using interfaceb?
[2322] 29/12/2011 -- 07:46:11 - (source-pcap.c:359) <Info>
(ReceivePcapThreadInit) -- Going to use pcap buffer size of 0
[2322] 29/12/2011 -- 07:46:11 - (source-pcap.c:376) <Error>
(ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)]
- Couldn't activate the pcap handler, error SIOCGIFHWADDR: No such
device
[2319] 29/12/2011 -- 07:46:11 - (tm-threads.c:1797) <Error>
(TmThreadWaitOnThreadInit) -- [ERRCODE: SC_ERR_THREAD_INIT(49)] -
thread "ReceivePcap" closed on initialization.
[2319] 29/12/2011 -- 07:46:11 - (suricata.c:1599) <Error> (main) --
[ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed,
aborting...
More information about the Oisf-users
mailing list