[Oisf-users] suricata fail to start with pcap mode if interface is not specified in command

Eric Leblond eric at regit.org
Thu Dec 29 12:57:00 UTC 2011 

hello


Can you open a ticket with this bug report?  I will work on a fix ASAP (maybe by the end of the week)

BR,

Delta Yeh <delta.yeh at gmail.com> a écrit :

>I update suricate to latest git master, run suricata with:
>
>src/.libs/suricata --pcap -c /etc/suricata/suricata.yaml
>
>the output is :
>
>
>
>[2319] 29/12/2011 -- 07:46:11 - (util-device.c:113) <Info>
>(LiveBuildDeviceList) -- Adding interface eth0 from config file
>[2319] 29/12/2011 -- 07:46:11 - (runmode-pcap.c:123) <Info>
>(ParsePcapConfig) -- Unable to find pcap config for interfaceb?
>
>                                                   , using default
>value
>[2319] 29/12/2011 -- 07:46:11 - (runmode-pcap.c:228) <Info>
>(RunModeIdsPcapAuto) -- RunModeIdsPcapAuto initialised
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:347) <Info>
>(StreamTcpInitConfig) -- stream "max_sessions": 262144
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:359) <Info>
>(StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:375) <Info>
>(StreamTcpInitConfig) -- stream "memcap": 33554432
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:381) <Info>
>(StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:387) <Info>
>(StreamTcpInitConfig) -- stream "async_oneside": disabled
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:404) <Info>
>(StreamTcpInitConfig) -- stream "checksum_validation": enabled
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:414) <Info>
>(StreamTcpInitConfig) -- stream."inline": disabled
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:432) <Info>
>(StreamTcpInitConfig) -- stream.reassembly "memcap": 67108864
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:450) <Info>
>(StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:491) <Info>
>(StreamTcpInitConfig) -- stream.reassembly "toserver_chunk_size": 2560
>[2319] 29/12/2011 -- 07:46:11 - (stream-tcp.c:493) <Info>
>(StreamTcpInitConfig) -- stream.reassembly "toclient_chunk_size": 2560
>[2322] 29/12/2011 -- 07:46:11 - (source-pcap.c:318) <Info>
>(ReceivePcapThreadInit) -- using interfaceb?
>
>[2322] 29/12/2011 -- 07:46:11 - (source-pcap.c:359) <Info>
>(ReceivePcapThreadInit) -- Going to use pcap buffer size of 0
>[2322] 29/12/2011 -- 07:46:11 - (source-pcap.c:376) <Error>
>(ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)]
>- Couldn't activate the pcap handler, error SIOCGIFHWADDR: No such
>device
>[2319] 29/12/2011 -- 07:46:11 - (tm-threads.c:1797) <Error>
>(TmThreadWaitOnThreadInit) -- [ERRCODE: SC_ERR_THREAD_INIT(49)] -
>thread "ReceivePcap" closed on initialization.
>[2319] 29/12/2011 -- 07:46:11 - (suricata.c:1599) <Error> (main) --
>[ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed,
>aborting...
>_______________________________________________
>Oisf-users mailing list
>Oisf-users at openinfosecfoundation.org
>http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

More information about the Oisf-users mailing list