[Oisf-users] issues with 2.1- beta3

Peter Manev petermanev at gmail.com
Tue Feb 10 13:20:48 UTC 2015


On Tue, Feb 10, 2015 at 2:36 AM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
> Hi
>
> I am trying out the 2.1 beta which I installed from the PPA.
>
> When run it writes the following to the log and then appears to hang. You need to use -9 to kill it.
>
> To console:
>
> sensors at secmontst01:~$ cat dmz-test/run/suricata-startup
> 10/2/2015 -- 14:23:39 - <Info> - Configuration node 'SMTP_SERVERS' redefined.
> Initialization syslog logging with format "[%i] <%d> -- ".
> 10/2/2015 -- 14:23:39 - <Notice> - This is Suricata version 2.1beta3 RELEASE
>
> to syslog:
>
> Feb 10 14:23:39 secmontst01 suricata: 10/2/2015 -- 14:23:39 - <Notice> - This is Suricata version 2.1beta3 RELEASE
> Feb 10 14:23:47 secmontst01 suricata: 10/2/2015 -- 14:23:47 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2006435, gid 1: unknown rule
> Feb 10 14:23:48 secmontst01 suricata: 10/2/2015 -- 14:23:48 - <Notice> - all 16 packet processing threads, 4 management threads initialized, engine started.
>

I see a normal start up process here - "engine started" (except for the
sid 2006435 not loading for some reason of course)

How do you mean "hangs"? Not inspecting traffic, are the logs being
populated/counters increased?

> I have taken the suricata.yaml file that came with the distro and gone through and made all the changes I need so I may have broken something there.  I have attached the output from --dump-config
>
> Russell
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Training now available: http://suricata-ids.org/training/



-- 
Regards,
Peter Manev
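An added example (not code from the thread or from the Suricata project) that does the triage Peter asks for in a scriptable way: it parses the syslog lines quoted above, confirms whether "engine started" was reached, pulls out every "can't suppress sid ... unknown rule" warning, and cross-checks those sids against a rules file. The rules file and the extra log line are constructed here, and the classification of a sid as "commented out" versus "not in ruleset" is this script's own heuristic, not a statement about Russell's setup.

```python
import re

# Constructed sample: the syslog lines quoted in the thread, plus one extra
# hypothetical suppress warning (sid 9999999) to show the "not in ruleset" case.
SAMPLE_SYSLOG = """\
Feb 10 14:23:39 secmontst01 suricata: 10/2/2015 -- 14:23:39 - <Notice> - This is Suricata version 2.1beta3 RELEASE
Feb 10 14:23:47 secmontst01 suricata: 10/2/2015 -- 14:23:47 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2006435, gid 1: unknown rule
Feb 10 14:23:47 secmontst01 suricata: 10/2/2015 -- 14:23:47 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 9999999, gid 1: unknown rule
Feb 10 14:23:48 secmontst01 suricata: 10/2/2015 -- 14:23:48 - <Notice> - all 16 packet processing threads, 4 management threads initialized, engine started.
"""

# Constructed rules file (not the real ET ruleset): sid 2006435 is present but disabled.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"TEST smtp"; sid:2000001; rev:1;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"TEST disabled"; sid:2006435; rev:1;)
"""

# Suricata log format: "<Level> - [ERRCODE: NAME(num)] - message"; the ERRCODE part is optional.
LINE_RE = re.compile(r"<(?P<level>\w+)> - (?:\[ERRCODE: (?P<code>\w+)\((?P<num>\d+)\)\] - )?(?P<msg>.*)$")
SUPPRESS_RE = re.compile(r"can't suppress sid (\d+), gid (\d+): unknown rule")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def parse_startup_log(text):
    """Return (engine_started, [(sid, gid), ...]) from the unknown-rule suppress warnings."""
    started, missing = False, []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if "engine started" in m.group("msg"):
            started = True
        s = SUPPRESS_RE.search(m.group("msg"))
        if s:
            missing.append((int(s.group(1)), int(s.group(2))))
    return started, missing


def rule_sids(rules_text):
    """Map sid -> True if the rule line is enabled, False if it is commented out."""
    sids = {}
    for line in rules_text.splitlines():
        stripped = line.strip()
        m = SID_RE.search(stripped)
        if m:
            sids[int(m.group(1))] = not stripped.startswith("#")
    return sids


def check_suppress_targets(log_text, rules_text):
    """Explain each unresolved suppress entry by looking the sid up in the rules file."""
    started, missing = parse_startup_log(log_text)
    sids = rule_sids(rules_text)
    findings = []
    for sid, gid in missing:
        if sid not in sids:
            state = "not in ruleset"
        elif not sids[sid]:
            state = "present but commented out"
        else:
            state = "enabled (check gid and the rule-files list in suricata.yaml)"
        findings.append((sid, gid, state))
    return {"engine_started": started, "findings": findings}


if __name__ == "__main__":
    print(check_suppress_targets(SAMPLE_SYSLOG, SAMPLE_RULES))
```

A startup that reaches "engine started" with only these warnings is, as Peter says, a normal start; the script just tells you which threshold.config suppress entries point at rules that were never loaded.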


