[Oisf-users] New Install Suricata with OinkMaster - No Rules Loaded

John Powell xq1xq1xq1 at yahoo.com
Sat Sep 20 19:52:43 UTC 2014


Coop - u da man!

All Warnings/Errors gone!!


Thanks so much for helping out a newbie :-)



On Saturday, September 20, 2014 8:29 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you have libjansson and the associated development libraries on your
system it should be enabled by default.  So, make sure those are
installed before you build suri.

Re: GRO/LRO, you want to disable all offloading features on your nic.

See this guide for details on disabling them:

> http://pevma.blogspot.com/2014/03/suricata-prepearing-10gbps-network.html

- -Coop


On 9/20/2014 7:14 AM, John Powell wrote:
> Hi,
> 
> I blew away my suricata config, copied and reconfigured the default
> config from the source.
> 
> I had followed one post that told me to add the rules to the
> suricata.yaml file which caused no end of grief.
> 
> I now get these warnings:
> 
> 20/9/2014 -- 08:04:21 - <Warning> - [ERRCODE: SC_ERR_NOT_SUPPORTED(225)]
> - Eve-log support not compiled in. Reconfigure/recompile with libjansson
> and its development files installed to add eve-log support.
> 20/9/2014 -- 08:04:21 - <Warning> - [ERRCODE: SC_ERR_PCAP_CREATE(21)] -
> Using Pcap capture with GRO or LRO activated can lead to capture problems.
> 
> I could not find any instructions on compiling in eve-log support to
> suricata.  Any hints would be great!
> 
> What do I do about the PCAP error?  is there another way to capture?
> 
> Thanx,
> 
> John
> 



- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJUHY82AAoJEKIFRYQsa8FWCqwH/2JjV7eoQMmyHfIZLBDgj8pL
BShRj/JU1u5cG0ywfMuopm6QoSZx/v6vl2WIL7DgRkC4/GcSHETvUJfSS2QOafpp
m6LHg6JfY8wU6SH3n67SgYBjZFoWgNI3qh3F2Kv4cEXkQZfsKg/bTlyPhSS06DZd
mHWHbtazd6jZe+fmrme0JANwRxj2gqG8cBZKGce0zJZDYzsqwumAppXMKDZ4gg8P
dIX2r5x2/lI2zr5ZM2bce4WaYlc+fkPnP5dfM9okIml5sIKsE2LmghyRlAWdlk+g
ZZDPzxqC9qCZDIv1o8HR4zIFY8S3JIPXd1ANcz5NWlO/7N706ytTWPO08IMbZrA=
=QP2k
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140920/5b19a1e0/attachment-0002.html>


More information about the Oisf-users mailing list