[Oisf-users] Problems running Suricata 3.1.1 under FreeBSD 10.3
Jason Ish
lists at unx.ca
Thu Jul 28 22:19:10 UTC 2016
On Thu, Jul 28, 2016 at 4:06 PM, Peter Manev <petermanev at gmail.com> wrote:
> On Wed, Jul 27, 2016 at 2:38 PM, C. L. Martinez <carlopmart at gmail.com> wrote:
>> Hi all,
>>
>> When I try to start suricata with these options: "--pcap -v -k none -D" under a FreeBSD 10.3 host (amd64, fully patched), the following errors appear:
>>
>> 27/7/2016 -- 13:29:53 - <Notice> - This is Suricata version 3.1.1 RELEASE
>> 27/7/2016 -- 13:29:53 - <Info> - CPUs/cores online: 1
>> 27/7/2016 -- 13:29:53 - <Info> - Found an MTU of 1500 for 'vtnet0'
>> 27/7/2016 -- 13:29:53 - <Info> - Found an MTU of 1500 for 'vtnet3'
>> 27/7/2016 -- 13:29:53 - <Info> - Found an MTU of 1500 for 'vtnet5'
>> 27/7/2016 -- 13:29:53 - <Info> - Max dump is 0
>> 27/7/2016 -- 13:29:53 - <Info> - Core dump setting attempted is 0
>> 27/7/2016 -- 13:29:53 - <Info> - Core dump size set to 0
>> 27/7/2016 -- 13:29:53 - <Info> - 3 rule files processed. 35 rules successfully loaded, 0 rules failed
>> 27/7/2016 -- 13:29:53 - <Info> - 35 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 35 inspect application layer, 0 are decoder event only
>> 27/7/2016 -- 13:29:53 - <Info> - Threshold config parsed: 0 rule(s) found
>> 27/7/2016 -- 13:29:53 - <Info> - fast output device (regular) initialized: fast.log
>> 27/7/2016 -- 13:29:53 - <Info> - stats output device (regular) initialized: stats.log
>> 27/7/2016 -- 13:29:53 - <Info> - Going to use 1 thread(s)
>> 27/7/2016 -- 13:29:53 - <Info> - using interface
>> 27/7/2016 -- 13:29:53 - <Error> - [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler, error BIOCSETIF failed: Device not configured
>
> Which interface triggers that err above?
This appears to be a regression between 3.0 and 3.1. It's picking up
the "" interface provided on the command line, where in 3.0 if it was
empty it was ignored as it should be. It's not limited to FreeBSD,
but happens on Linux as well.
C.L.: Any chance you can file a bug report? If not, I'll try to get
to it tomorrow.
Thanks,
Jason
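
The symptom discussed in this thread, as an added example that is not part of the original messages or of Suricata's code: a small triage script that reads a startup log and flags the case where "using interface" is logged with an empty name and pcap activation then fails. The function name `triage` and the result keys are assumptions made for this example; the sample lines are copied from the log quoted above.

```python
import re

# Lines copied from the startup log quoted in the report above (quote markers removed).
SAMPLE_LOG = """\
27/7/2016 -- 13:29:53 - <Info> - Found an MTU of 1500 for 'vtnet0'
27/7/2016 -- 13:29:53 - <Info> - Found an MTU of 1500 for 'vtnet3'
27/7/2016 -- 13:29:53 - <Info> - Found an MTU of 1500 for 'vtnet5'
27/7/2016 -- 13:29:53 - <Info> - Going to use 1 thread(s)
27/7/2016 -- 13:29:53 - <Info> - using interface
27/7/2016 -- 13:29:53 - <Error> - [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler, error BIOCSETIF failed: Device not configured
"""

LINE_RE = re.compile(r"^\S+ -- \S+ - <(?P<level>\w+)> - (?P<msg>.*)$")
MTU_RE = re.compile(r"^Found an MTU of \d+ for '([^']*)'")
USING_RE = re.compile(r"^using interface\s*(.*)$")
ERR_RE = re.compile(r"^\[ERRCODE: (\w+)\(\d+\)\]")


def triage(log_text):
    """Summarise a startup log: resolved interfaces, capture interfaces, error codes."""
    resolved, used, errors = [], [], []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip wrapped or foreign lines
        msg = m.group("msg").strip()
        if (mtu := MTU_RE.match(msg)):
            resolved.append(mtu.group(1))
        elif (use := USING_RE.match(msg)):
            used.append(use.group(1).strip())
        elif m.group("level") == "Error" and (err := ERR_RE.match(msg)):
            errors.append(err.group(1))
    pcap_failed = "SC_ERR_PCAP_ACTIVATE_HANDLE" in errors
    return {
        "resolved": resolved,
        "used": used,
        "pcap_activate_failed": pcap_failed,
        # Empty capture name plus activation failure matches the behaviour described above.
        "empty_iface_symptom": pcap_failed and "" in used,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A log where the failing capture interface has a name reports `pcap_activate_failed` without `empty_iface_symptom`, which points to a different cause than the one described in this thread.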