[Oisf-users] suricata not generating logs
Leonard
ljacobs at netsecuris.com
Tue Jun 28 12:20:38 UTC 2016
Did you initiate af-packet in your Suricata start up command using --af-packet on the end of command? I don't see that in your message.
https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
Sent from my iPhone
> On Jun 27, 2016, at 5:25 PM, mostafa ammar <mostafaammar79 at gmail.com> wrote:
>
> Dear All,
>
> I am newbie to suricata , i installed suricata and now it is running but i cannot see any logs for a
> and captruring i can see traffic on eth0 (I am running suricata on it), I added rule to detect pings in emerging-dos.rules and it is not generating any logs .
>
> also i see am erorr on interface is this error cause of the problem
>
> kindly find the
> sudo suricata -c /usr/local/etc/suricata/suricata.yaml -i eth0 --init-errors-fatal
> [16193] 28/6/2016 -- 00:09:40 - (suricata.c:1086) <Notice> (SCPrintVersion) -- This is Suricata version 3.1dev (rev 4111331)
> [16193] 28/6/2016 -- 00:09:43 - (util-ioctl.c:341) <Warning> (GetIfaceOffloadingLinux) -- [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on eth0: SG: SET, GRO: SET, LRO: unset, TSO: SET, GSO: SET. Run: ethtool -K eth0 sg off gro off lro off tso off gso off
> [16193] 28/6/2016 -- 00:09:43 - (runmode-af-packet.c:447) <Warning> (ParseAFPConfig) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Using AF_PACKET with offloading activated leads to capture problems
> [16193] 28/6/2016 -- 00:09:43 - (tm-threads.c:2168) <Notice> (TmThreadWaitOnThreadInit) -- all 1 packet processing threads, 4 management threads initialized, engine started.
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160628/deda799b/attachment-0002.html>
More information about the Oisf-users
mailing list