[Oisf-users] Suricata startup error under OpenBSD
Theron ZORBAS
theronzorbas at yahoo.com
Wed Apr 17 08:51:00 UTC 2013
Thanks Victor. It worked!
--
Theron
________________________________
From: Victor Julien <lists at inliniac.net>
To: oisf-users at openinfosecfoundation.org
Sent: Wednesday, April 17, 2013 10:13 AM
Subject: Re: [Oisf-users] Suricata startup error under OpenBSD
On 04/16/2013 11:03 PM, Theron ZORBAS wrote:
> I'm trying to run Suricata under OpenBSD 5.3 amd64.
> # uname -rmsv
> OpenBSD 5.3 GENERIC.MP#2 amd64
>
> I've used default config and enter this command:
> suricata -c /etc/suricata -d 8000
Maybe a typo, but this should probably be:
suricata -c /etc/suricata/suricata.yaml -d 8000
> It failed with these error messages:
> 17/4/2013 -- 00:00:07 - <Info> - This is Suricata version 1.4.1 RELEASE
> 17/4/2013 -- 00:00:07 - <Info> - CPUs/cores online: 2
> 17/4/2013 -- 00:00:07 - <Info> - allocated 98304 bytes of memory for the
> defrag hash... 4096 buckets of size 24
> 17/4/2013 -- 00:00:07 - <Info> - defrag memory usage: 98304 bytes,
> maximum: 16777216
> 17/4/2013 -- 00:00:07 - <Info> - AutoFP mode using default "Active
> Packets" flow load balancer
> 17/4/2013 -- 00:00:07 - <Info> - preallocated 1024 packets. Total memory
> 4294656
> 17/4/2013 -- 00:00:07 - <Info> - allocated 98304 bytes of memory for the
> host hash... 4096 buckets of size 24
> 17/4/2013 -- 00:00:07 - <Info> - preallocated 1000 hosts of size 96
> 17/4/2013 -- 00:00:07 - <Info> - host memory usage: 194304 bytes,
> maximum: 16777216
> 17/4/2013 -- 00:00:07 - <Info> - allocated 1572864 bytes of memory for
> the flow hash... 65536 buckets of size 24
> 17/4/2013 -- 00:00:07 - <Info> - preallocated 10000 flows of size 224
> 17/4/2013 -- 00:00:07 - <Info> - flow memory usage: 3812864 bytes,
> maximum: 33554432
> 17/4/2013 -- 00:00:07 - <Info> - IP reputation disabled
> 17/4/2013 -- 00:00:07 - <Error> - [ERRCODE: SC_ERR_ACTION_ORDER(3)] -
> action-order, the config didn't specify all of the actions. Please, use
> "pass","drop","alert","reject". You have to specify all of them, without
> quotes and without capital letters
>
> But I have already have action-order parameters in it:
> action-order:
> - pass
> - drop
> - reject
> - alert
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130417/6afd6f5d/attachment-0002.html>
More information about the Oisf-users
mailing list