[Oisf-users] suricata not generating logs

mostafa ammar mostafaammar79 at gmail.com
Fri Jul 1 15:15:11 UTC 2016


Dear All,

Thanks for your reply, it is working fine; the logs did not mean any error.
I can see logs in fast.log, thanks for your responses.

On Tue, Jun 28, 2016 at 2:20 PM, Leonard <ljacobs at netsecuris.com> wrote:

> Did you initiate af-packet in your Suricata start up command using
> --af-packet on the end of command?  I don't see that in your message.
>
> https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
>
> Sent from my iPhone
>
> On Jun 27, 2016, at 5:25 PM, mostafa ammar <mostafaammar79 at gmail.com>
> wrote:
>
> Dear All,
>
> I am a newbie to Suricata. I installed Suricata and now it is running, but I
> cannot see any logs for a
>  and capturing I can see traffic on eth0 (I am running Suricata on it). I
> added a rule to detect pings in emerging-dos.rules and it is not generating
> any logs.
>
> Also I see an error on the interface; is this error the cause of the problem?
>
> kindly find the
> sudo suricata -c /usr/local/etc/suricata/suricata.yaml -i eth0
> --init-errors-fatal
> [16193] 28/6/2016 -- 00:09:40 - (suricata.c:1086) <Notice>
> (SCPrintVersion) -- This is Suricata version 3.1dev (rev 4111331)
> [16193] 28/6/2016 -- 00:09:43 - (util-ioctl.c:341) <Warning>
> (GetIfaceOffloadingLinux) -- [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC
> offloading on eth0: SG: SET,  GRO: SET, LRO: unset, TSO: SET, GSO: SET.
> Run: ethtool -K eth0 sg off gro off lro off tso off gso off
> [16193] 28/6/2016 -- 00:09:43 - (runmode-af-packet.c:447) <Warning>
> (ParseAFPConfig) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Using AF_PACKET
> with offloading activated leads to capture problems
> [16193] 28/6/2016 -- 00:09:43 - (tm-threads.c:2168) <Notice>
> (TmThreadWaitOnThreadInit) -- all 1 packet processing threads, 4 management
> threads initialized, engine started.
>
>
>
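
Added example, not part of the original thread or of Suricata itself: a small shell helper that reads Suricata start-up output, counts lines logged at Error level, and builds an ethtool command that turns off only the offloads the SC_ERR_NIC_OFFLOADING warning reports as SET. The function names are hypothetical, and the sample log is constructed by rejoining the wrapped lines quoted above, assuming Suricata writes each message on one line.

```shell
#!/usr/bin/env bash
# Added example: triage Suricata start-up output for NIC offloading warnings.

# Constructed sample: the start-up lines from the thread, unwrapped.
sample_log() {
    cat <<'EOF'
[16193] 28/6/2016 -- 00:09:40 - (suricata.c:1086) <Notice> (SCPrintVersion) -- This is Suricata version 3.1dev (rev 4111331)
[16193] 28/6/2016 -- 00:09:43 - (util-ioctl.c:341) <Warning> (GetIfaceOffloadingLinux) -- [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on eth0: SG: SET,  GRO: SET, LRO: unset, TSO: SET, GSO: SET. Run: ethtool -K eth0 sg off gro off lro off tso off gso off
[16193] 28/6/2016 -- 00:09:43 - (runmode-af-packet.c:447) <Warning> (ParseAFPConfig) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Using AF_PACKET with offloading activated leads to capture problems
[16193] 28/6/2016 -- 00:09:43 - (tm-threads.c:2168) <Notice> (TmThreadWaitOnThreadInit) -- all 1 packet processing threads, 4 management threads initialized, engine started.
EOF
}

# Reads start-up output on stdin and prints the number of <Error> lines.
# <Warning> and <Notice> lines are not counted.
error_line_count() {
    grep -c '<Error>' || true   # grep exits 1 on zero matches; still prints 0
}

# Reads start-up output on stdin. For every SC_ERR_NIC_OFFLOADING warning it
# prints "ethtool -K <iface> <feature> off ..." for the features marked SET.
offload_fix_cmds() {
    awk '
    /SC_ERR_NIC_OFFLOADING/ {
        line = $0
        sub(/.*NIC offloading on /, "", line)   # keep "eth0: SG: SET, ..."
        sub(/ *Run:.*/, "", line)               # drop the suggested command
        sub(/\. *$/, "", line)                  # drop the trailing full stop
        iface = line
        sub(/:.*/, "", iface)
        # Refuse interface names with unexpected characters before the
        # value ends up in a command someone may paste into a root shell.
        if (iface !~ /^[A-Za-z0-9_.-]+$/) next
        sub(/^[^:]*: */, "", line)              # keep "SG: SET, GRO: SET, ..."
        n = split(line, pair, /, */)
        cmd = ""
        for (i = 1; i <= n; i++) {
            split(pair[i], kv, /: */)
            if (kv[2] == "SET") cmd = cmd " " tolower(kv[1]) " off"
        }
        if (cmd != "") print "ethtool -K " iface cmd
    }'
}

# Demo on the constructed sample.
echo "error lines: $(sample_log | error_line_count)"
sample_log | offload_fix_cmds
```

Offload settings changed with ethtool -K do not survive a reboot, so the resulting command also needs to go into the interface's boot-time configuration.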