[Oisf-users] suricata does not start in a script

Mon May 4 23:40:29 UTC 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

suricata 2.0.7
linux 3.16.7-21-desktop x86_64

  I created a shell script to start and stop suricata.
  The stop function works fine.
  Starting, however, does not. And I do not see what the difference is.

- ----[ command ]----
/usr/local/bin/suricata -v --pidfile /usr/local/var/run/suricata.pid -c
/usr/local/etc/suricata/suricata.yaml -i eth0 | tee
/usr/local/var/log/suricata/verbose.log &
- ----[ end ]----

- ----[ started from script ]----
4/5/2015 -- 16:27:03 - <Info> - Found an MTU of 1500 for 'eth0'
4/5/2015 -- 16:27:03 - <Info> - Set snaplen to 1516 for 'eth0'

4/5/2015 -- 16:27:03 - <Error> - [ERRCODE: SC_ERR_BPF(127)] - bpf
compilation error syntax error
4/5/2015 -- 16:27:03 - <Info> - RunModeIdsPcapAutoFp initialised
4/5/2015 -- 16:27:03 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] -
thread "RxPcapeth01" closed on initialization.
4/5/2015 -- 16:27:03 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] -
Engine initialization failed, aborting...
- ----[ end ]----

- ----[ started from command line ]----
4/5/2015 -- 16:30:03 - <Info> - Found an MTU of 1500 for 'eth0'
4/5/2015 -- 16:30:03 - <Info> - Set snaplen to 1516 for 'eth0'

4/5/2015 -- 16:30:03 - <Info> - Generic Receive Offload is unset on eth0
4/5/2015 -- 16:30:03 - <Info> - Large Receive Offload is unset on eth0
4/5/2015 -- 16:30:03 - <Info> - RunModeIdsPcapAutoFp initialised
4/5/2015 -- 16:30:03 - <Notice> - all 7 packet processing threads, 3
management threads initialized, engine started.
- ----[ end ]----

- ----[ script ]----
SURI="/usr/local/bin/suricata";
LOG="/usr/local/var/log/suricata";
PID="/usr/local/var/run/suricata.pid";

OPT1="-c /usr/local/etc/suricata/suricata.yaml";
OPT2="--pidfile /usr/local/var/run/suricata.pid";
OPT3="-v"

case $1 in
    stop)
	CMD="No PID found";
        if [ -f ${PID} ]
        then
            CMD="/usr/bin/kill $(cat ${PID})"
            ${CMD}
        fi
        ;;

    start) CMD="${SURI} ${OPT3} ${OPT2} ${OPT1} -i eth0 | tee
${LOG}/verbose.log &"
        ethtool -K eth0 gro off
        # ethtool -K eth0 lro on
        echo ${CMD}
        ${CMD}
        ;;

    *) CMD='echo "Usage: suricata-ctl.sh {start |  stop}"';;
esac

echo ${CMD}
exit 0;
- ----[ end ]----

- -- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlVIA20ACgkQzTcr8Prq0ZNGRQCglhtuGEmO4xWP5jGGcGKLczwV
eb0AoINojJXZFlowX4lGrm/Av5ZrnpeQ
=2cZO
-----END PGP SIGNATURE-----