[Oisf-users] New Install Suricata with OinkMaster - No Rules Loaded

John Powell xq1xq1xq1 at yahoo.com
Sat Sep 20 19:52:43 UTC 2014

Coop - u da man!

All Warnings/Errors gone!!

Thanks so much for helping out a newbie :-)

On Saturday, September 20, 2014 8:29 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

Hash: SHA1

If you have libjansson and the associated development libraries on your
system it should be enabled by default.  So, make sure those are
installed before you build suri.

Re: GRO/LRO, you want to disable all offloading features on your nic.

See this guide for details on disabling them:

> http://pevma.blogspot.com/2014/03/suricata-prepearing-10gbps-network.html

- -Coop

On 9/20/2014 7:14 AM, John Powell wrote:
> Hi,
> I blew away my suricata config, copied and reconfigured the default
> config from the source.
> I had followed one post that told me to add the rules to the
> suricata.yaml file which caused no end of grief.
> I now get these warnings:
> 20/9/2014 -- 08:04:21 - <Warning> - [ERRCODE: SC_ERR_NOT_SUPPORTED(225)]
> - Eve-log support not compiled in. Reconfigure/recompile with libjansson
> and its development files installed to add eve-log support.
> 20/9/2014 -- 08:04:21 - <Warning> - [ERRCODE: SC_ERR_PCAP_CREATE(21)] -
> Using Pcap capture with GRO or LRO activated can lead to capture problems.
> I could not find any instructions on compiling in eve-log support to
> suricata.  Any hints would be great!
> What do I do about the PCAP error?  is there another way to capture?
> Thanx,
> John

- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
Version: GnuPG v2.0.17 (MingW32)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140920/5b19a1e0/attachment-0002.html>

More information about the Oisf-users mailing list