[Oisf-users] Suricata startup error - [ERRCODE: SC_ERR_INITIALIZATION(45)]

Benson Mathews benson.mathews at gmail.com
Tue Feb 26 22:44:25 UTC 2013


just tried running the suricata bin file directly with the same options....
same result.

On Tue, Feb 26, 2013 at 5:36 PM, Benson Mathews <benson.mathews at gmail.com> wrote:

> Thank you for the quick response Duarte!
>
> I tried commenting out the line that wrote the PID to the PIDFILE in my init.d
> script (also tried using a sleep 2 without commenting). This time there
> is no error in the start.log, but when I check the service status it says
> PID file /var/run/suricata.pid exists, but process not running!
>
> init.d script:
> NAME=suricata
> DAEMON=/usr/local/suricata/current/bin/$NAME
> SURCONF=/etc/suricata/suricata.yaml
> PIDFILE=/var/run/suricata.pid
> IDMODE=pfring
>
> ...
> ...
>
> SURICATA_OPTIONS=" -c $SURCONF --pidfile $PIDFILE --pfring -D"
>
> case "$1" in
>   start)
>        if [ -f $PIDFILE ]; then
>            PID1=`cat $PIDFILE`
>            if kill -0 "$PID1" 2>/dev/null; then
>                echo "$NAME is already running with PID $PID1"
>                exit 0
>            fi
>        fi
>        echo -n "Starting suricata in $IDMODE mode..."
>        $DAEMON $SURICATA_OPTIONS > /var/log/suricata/suricata-start.log 2>&1 &
>        PID1=$!
>
>        sleep 2  ### JUST ADDED
>        echo "$PID1" > $PIDFILE
>        echo " done."
>        ;;
> -------
>
>
> cat /var/log/suricata/suricata-start.log
> 26/2/2013 -- 17:28:22 - <Info> - This is Suricata version 1.4 RELEASE
> 26/2/2013 -- 17:28:22 - <Info> - CPUs/cores online: 16
> 26/2/2013 -- 17:28:22 - <Info> - Failure when trying to get MTU via ioctl: 19
> 26/2/2013 -- 17:28:22 - <Error> - [ERRCODE: SC_ERR_MISSING_CONFIG_PARAM(118)] - NO logging compatible with daemon mode selected, suricata won't be able to log. Please update  'logging.outputs' in the YAML.
> 26/2/2013 -- 17:28:22 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
> 26/2/2013 -- 17:28:22 - <Info> - preallocated 65535 defrag trackers of size 144
> 26/2/2013 -- 17:28:22 - <Info> - defrag memory usage: 13107056 bytes, maximum: 33554432
> 26/2/2013 -- 17:28:22 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
>
>
> Is there any file that would give more details about why the process is
> failing to start?
>
> Thanks,
> Benson
>
>
>
> On Tue, Feb 26, 2013 at 4:46 PM, Duarte Silva <duarte.silva at serializing.me> wrote:
>
>> Hi,
>>
>> that happened to me when I started Suricata with the init.d script. That's
>> because the init.d script forks Suricata to the background and then creates
>> a pid file before Suricata. If you remove the line that echoes the Suricata
>> process identifier to the pid file, it should work fine.
>>
>> Best regards,
>> Duarte Silva
>> On 26 Feb 2013 21:32, "Benson Mathews" <benson.mathews at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I just installed Suricata 1.4 on my server and I'm attempting to run it
>>> with PF_RINGS, but I get the following error while I start suricata.
>>> cat /var/log/suricata/suricata-start.log
>>> 26/2/2013 -- 00:03:18 - <Info> - This is Suricata version 1.4 RELEASE
>>> 26/2/2013 -- 00:03:18 - <Info> - CPUs/cores online: 16
>>> 26/2/2013 -- 00:03:18 - <Info> - Failure when trying to get MTU via ioctl: 19
>>> 26/2/2013 -- 00:03:18 - <Error> - [ERRCODE: SC_ERR_MISSING_CONFIG_PARAM(118)] - NO logging compatible with daemon mode selected, suricata won't be able to log. Please update  'logging.outputs' in the YAML.
>>> 26/2/2013 -- 00:03:18 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
>>> 26/2/2013 -- 00:03:18 - <Info> - preallocated 65535 defrag trackers of size 144
>>> 26/2/2013 -- 00:03:18 - <Info> - defrag memory usage: 13107056 bytes, maximum: 33554432
>>> 26/2/2013 -- 00:03:18 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
>>> 26/2/2013 -- 00:03:18 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists. Is Suricata already running? Aborting!
>>>
>>> I tried deleting the pid file and restarting it but get the same error.
>>> I'm new to this, any help would be much appreciated!
>>>
>>> Thanks,
>>> Benson
>>>
>>>
>>>
>>
>
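
Added example (not part of the original thread and not Suricata's own init script): a start routine that clears a stale PID file and then lets the daemon, started with -D --pidfile as in the quoted script, write the file itself. The function names pidfile_state, wait_for_pidfile and start_suricata and the 10 second wait are assumptions made for illustration; the paths are the ones from the quoted script.

```shell
#!/bin/sh
# Added example: the init script never writes the PID file itself.
# Paths are taken from the script quoted in the thread; override to test.
DAEMON=${DAEMON:-/usr/local/suricata/current/bin/suricata}
SURCONF=${SURCONF:-/etc/suricata/suricata.yaml}
PIDFILE=${PIDFILE:-/var/run/suricata.pid}
STARTLOG=${STARTLOG:-/var/log/suricata/suricata-start.log}

# pidfile_state FILE -> prints "absent", "running" or "stale"
pidfile_state() {
    [ -f "$1" ] || { echo absent; return; }
    pid=$(cat "$1" 2>/dev/null)
    case "$pid" in
        ''|*[!0-9]*) echo stale; return ;;   # empty or not a number
    esac
    if kill -0 "$pid" 2>/dev/null; then echo running; else echo stale; fi
}

# wait_for_pidfile FILE SECONDS -> 0 once FILE names a live process
wait_for_pidfile() {
    n=0
    while [ "$n" -lt "$2" ]; do
        [ "$(pidfile_state "$1")" = running ] && return 0
        sleep 1
        n=$((n + 1))
    done
    return 1
}

start_suricata() {
    case "$(pidfile_state "$PIDFILE")" in
        running) echo "suricata already running with PID $(cat "$PIDFILE")"
                 return 0 ;;
        stale)   rm -f "$PIDFILE" ;;   # left behind by a failed start
    esac
    # No trailing '&' and no 'echo $! > $PIDFILE': with -D the process
    # detaches on its own, so $! would name the launcher that exits
    # after forking, and --pidfile already makes the daemon write the file.
    "$DAEMON" -c "$SURCONF" --pidfile "$PIDFILE" --pfring -D > "$STARTLOG" 2>&1
    wait_for_pidfile "$PIDFILE" 10
}
```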