[Oisf-users] Can't start AF_PACKET in Workers mode?
Cloherty, Sean E
scloherty at mitre.org
Mon Mar 28 20:13:33 UTC 2016
This is what I use currently:
/usr/bin/suricata -c /etc/suricata/suricata.yaml --user=suri --group=suri -v --af-packet=ens1f1 --runmode=workers -D
-----Original Message-----
From: Cooper F. Nelson [mailto:cnelson at ucsd.edu]
Sent: Monday, March 28, 2016 16:10 PM
To: Cloherty, Sean E <scloherty at mitre.org>; oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Can't start AF_PACKET in Workers mode?
What is the command line you use to start suricata?
On 3/28/2016 12:47 PM, Cloherty, Sean E wrote:
> (buried in an earlier email about a different topic...)
>
> An odd behavior I am noticing is that despite setting the afpacket
> mode to workers, both in the yaml file and on the command line, the
> start messages always note autofp mode. Am I reading that correctly?
> What could cause that? I am running in IDS mode in case that is of note.
>
> When I start up - the last line is as below.
>
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042