[Oisf-users] Suricata startup error - [ERRCODE: SC_ERR_INITIALIZATION(45)]
Benson Mathews
benson.mathews at gmail.com
Tue Feb 26 22:36:06 UTC 2013
Thank you for the quick response Duarte!
I tried comment the line that wrote the PID to the PIDFILE in my init.d
script (also tried using a sleep 2 without commenting). This is time there
is no error on the start.log but when i check the service status it says
PID file /var/run/suricata.pid exists, but process not running!
init.d script:
NAME=suricata
DAEMON=/usr/local/suricata/current/bin/$NAME
SURCONF=/etc/suricata/suricata.yaml
PIDFILE=/var/run/suricata.pid
IDMODE=pfring
...
...
SURICATA_OPTIONS=" -c $SURCONF --pidfile $PIDFILE --pfring -D"
case "$1" in
start)
if [ -f $PIDFILE ]; then
PID1=`cat $PIDFILE`
if kill -0 "$PID1" 2>/dev/null; then
echo "$NAME is already running with PID $PID1"
exit 0
fi
fi
echo -n "Starting suricata in $IDMODE mode..."
$DAEMON $SURICATA_OPTIONS > /var/log/suricata/suricata-start.log
2>&1 &
PID1=$!
sleep 2 ### JUST ADDED
echo "$PID1" > $PIDFILE
echo " done."
;;
-------
cat /var/log/suricata/suricata-start.log
26/2/2013 -- 17:28:22 - <Info> - This is Suricata version 1.4 RELEASE
26/2/2013 -- 17:28:22 - <Info> - CPUs/cores online: 16
26/2/2013 -- 17:28:22 - <Info> - Failure when trying to get MTU via ioctl:
19
26/2/2013 -- 17:28:22 - <Error> - [ERRCODE:
SC_ERR_MISSING_CONFIG_PARAM(118)] - NO logging compatible with daemon mode
selected, suricata won't be able to log. Please update 'logging.outputs'
in the YAML.
26/2/2013 -- 17:28:22 - <Info> - allocated 3670016 bytes of memory for the
defrag hash... 65536 buckets of size 56
26/2/2013 -- 17:28:22 - <Info> - preallocated 65535 defrag trackers of size
144
26/2/2013 -- 17:28:22 - <Info> - defrag memory usage: 13107056 bytes,
maximum: 33554432
26/2/2013 -- 17:28:22 - <Info> - AutoFP mode using default "Active Packets"
flow load balancer
If there any file that would give more details about why the process is
failing to start?
Thanks,
Benson
On Tue, Feb 26, 2013 at 4:46 PM, Duarte Silva
<duarte.silva at serializing.me>wrote:
> Hi,
>
> that happened to me whe I started Suricata with the init.d script. That's
> because the init.d script forks Suricata to the background and then creates
> a pid file before Suricata. If you remove the line that echos the Suricata
> process identifier to the pid file, it should work fine.
>
> Best regards,
> Duarte Silva
> On 26 Feb 2013 21:32, "Benson Mathews" <benson.mathews at gmail.com> wrote:
>
>> Hi,
>>
>> I just installed Suricata 1.4 on my server and I'm attempting to run it
>> with PF_RINGS, but I get the following error while I start suricata.
>> cat /var/log/suricata/suricata-start.log
>> 26/2/2013 -- 00:03:18 - <Info> - This is Suricata version 1.4 RELEASE
>> 26/2/2013 -- 00:03:18 - <Info> - CPUs/cores online: 16
>> 26/2/2013 -- 00:03:18 - <Info> - Failure when trying to get MTU via
>> ioctl: 19
>> 26/2/2013 -- 00:03:18 - <Error> - [ERRCODE:
>> SC_ERR_MISSING_CONFIG_PARAM(118)] - NO logging compatible with daemon mode
>> selected, suricata won't be able to log. Please update 'logging.outputs'
>> in the YAML.
>> 26/2/2013 -- 00:03:18 - <Info> - allocated 3670016 bytes of memory for
>> the defrag hash... 65536 buckets of size 56
>> 26/2/2013 -- 00:03:18 - <Info> - preallocated 65535 defrag trackers of
>> size 144
>> 26/2/2013 -- 00:03:18 - <Info> - defrag memory usage: 13107056 bytes,
>> maximum: 33554432
>> 26/2/2013 -- 00:03:18 - <Info> - AutoFP mode using default "Active
>> Packets" flow load balancer
>> 26/2/2013 -- 00:03:18 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] -
>> pid file '/var/run/suricata.pid' exists. Is Suricata already running?
>> Aborting!
>>
>> I tried deleting the pid file and restarting it but get the same error.
>> I'm new to this, any help would be much appreciated!
>>
>> Thanks,
>> Benson
>>
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130226/90273730/attachment-0002.html>
More information about the Oisf-users
mailing list