[Oisf-users] Suricata does not start in NFQ mode
James Moe
jimoe at sohnen-moe.com
Sat Aug 8 21:10:08 UTC 2015
linux 3.16.7-21-desktop x86_64
I built suricata with --enable-nfqueue. When I add "-q 0" to the
command line, the following error is emitted:
/usr/local/bin/suricata -v --pidfile /d500g/var/run/suricata.pid -c
/usr/local/etc/suricata/suricata.yaml -q 0 -i eth0
8/8/2015 -- 13:38:25 - <Error> - [ERRCODE:
SC_ERR_MULTIPLE_RUN_MODE(126)] - more than one run mode has been specified
Suricata 2.0.8
Output from the non-NFQ instance filtered for "mode":
9/5/2015 -- 13:25:01 - <Info> - AutoFP mode using default "Active
Packets" flow load balancer
9/5/2015 -- 13:25:10 - <Info> - Running in 'auto' checksum mode.
Detection of interface state will require 1000 packets.
9/5/2015 -- 13:25:11 - <Info> - RunModeIdsPcapAutoFp initialised
I do not see where multiple modes have been specified.
The local and online documentation is not helpful in diagnosing the error.
In suricata.yaml is this:
runmode: autofp
What should the runmode be?
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150808/2e5ec016/attachment.pgp>
More information about the Oisf-users
mailing list