[Oisf-users] Suricata does not start in NFQ mode

Jason Ish lists at unx.ca
Sat Aug 8 21:42:54 UTC 2015


Hi James,

I have not used nfq mode myself in a long time, but read further inline...

On Sat, Aug 8, 2015 at 3:10 PM, James Moe <jimoe at sohnen-moe.com> wrote:
> linux 3.16.7-21-desktop x86_64
>
> I built suricata with --enable-nfqueue. When I add "-q 0" to the
> command line, the following error is emitted:
>
> /usr/local/bin/suricata -v --pidfile /d500g/var/run/suricata.pid -c
> /usr/local/etc/suricata/suricata.yaml -q 0 -i eth0
> 8/8/2015 -- 13:38:25 - <Error> - [ERRCODE:
> SC_ERR_MULTIPLE_RUN_MODE(126)] - more than one run mode has been specified
> Suricata 2.0.8

I believe with NFQ you do not specify an interface with -i.  -i tells
Suricata to use pcap mode on that interface.  With NFQ, Suricata
doesn't need to know which interface to listen on; that would be set up
with the iptables tools.

Hope that helps,
Jason
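
The point of the reply above, as an added example that is not part of the original thread: a pre-flight check that rejects a Suricata command line mixing capture options, plus a dry-run helper showing that in NFQ mode the interface belongs in the iptables rule. The function names, the shortened paths and the choice of the INPUT/OUTPUT chains are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Only options known to select a
# capture method are recognised: -i, -r, -q, --af-packet, --pfring.

# Print the distinct capture modes requested by a Suricata command line.
# Repeating one option (e.g. two -q queues) is still a single mode.
run_modes() {
    modes=""
    for arg in "$@"; do
        case "$arg" in
            -i) m=pcap ;;
            -r) m=pcap-file ;;
            -q) m=nfq ;;
            --af-packet|--af-packet=*) m=af-packet ;;
            --pfring|--pfring=*) m=pfring ;;
            *) continue ;;
        esac
        case " $modes " in
            *" $m "*) ;;                          # already recorded
            *) modes="${modes:+$modes }$m" ;;
        esac
    done
    echo "$modes"
}

# Return non-zero when more than one capture mode is requested.
check_run_modes() {
    modes=$(run_modes "$@")
    set -- $modes                                 # split the list into words
    if [ "$#" -gt 1 ]; then
        echo "conflicting capture options: $modes" >&2
        return 1
    fi
}

# Print (do not apply) rules steering one interface's traffic into an NFQ
# queue. Assumption: host traffic; a gateway would use FORWARD instead.
nfq_rules() {  # usage: nfq_rules IFACE QUEUE
    echo "iptables -I INPUT -i $1 -j NFQUEUE --queue-num $2"
    echo "iptables -I OUTPUT -o $1 -j NFQUEUE --queue-num $2"
}

# Constructed from the command in the thread (paths shortened).
if ! check_run_modes suricata -c suricata.yaml -q 0 -i eth0; then
    nfq_rules eth0 0                              # interface goes here...
    echo "suricata -c suricata.yaml -q 0"         # ...not on this line
fi
```

While such rules are in place, packets that reach the queue are held for a verdict from the program bound to it, so apply them only once Suricata is running on that queue.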


