[Oisf-users] Processing offline pcap files with suricata
C. L. Martinez
carlopmart at gmail.com
Mon Oct 6 14:04:02 UTC 2014
Hi all,
Sorry for the stupid question but if I remember well suricata can
process offline pcap files. I have tried with "-r" switch without
luck, returns the following error:
6/10/2014 -- 13:42:24 - <Info> - 18 rule files processed. 13253 rules
successfully loaded, 0 rules failed
6/10/2014 -- 13:42:48 - <Info> - 13253 signatures processed. 748 are
IP-only rules, 3713 are inspecting packet payload, 11179 inspect
application layer, 0 are decoder event only
6/10/2014 -- 13:42:48 - <Info> - building signature grouping
structure, stage 1: adding signatures to signature source addresses...
complete
6/10/2014 -- 13:42:48 - <Info> - building signature grouping
structure, stage 2: building source address list... complete
6/10/2014 -- 13:43:07 - <Info> - building signature grouping
structure, stage 3: building destination address lists... complete
6/10/2014 -- 13:43:07 - <Info> - Registered 13253 rule profiling counters.
6/10/2014 -- 13:43:07 - <Info> - Threshold config parsed: 4 rule(s) found
6/10/2014 -- 13:43:07 - <Info> - Max dump is 0
6/10/2014 -- 13:43:07 - <Info> - Core dump setting attempted is 0
6/10/2014 -- 13:43:07 - <Info> - Core dump size set to 0
6/10/2014 -- 13:43:07 - <Info> - fast output device (regular)
initialized: fast.log
6/10/2014 -- 13:43:07 - <Info> - Unified2-alert initialized: filename
unified2.alert, limit 5 MB
6/10/2014 -- 13:43:07 - <Error> - [ERRCODE: SC_ERR_RUNMODE(187)] - The
custom type "workers" doesn't exist for this runmode type "PCAP_FILE".
Please use --list-runmodes to see available custom types for this
runmode
Suricata release is 1.4.7 (yes I know, I need to upgrade to 2.0.x).
What am I doing wrong?
More information about the Oisf-users
mailing list