[Oisf-users] Can't start AF_PACKET in Workers mode?
Eric Leblond
eric at regit.org
Mon Mar 28 20:16:46 UTC 2016
Hello,
On Mon, 2016-03-28 at 20:13 +0000, Cloherty, Sean E wrote:
> This is what I use currently:
>
> /usr/bin/suricata -c /etc/suricata/suricata.yaml --user=suri
> --group=suri -v --af-packet=ens1f1 --runmode=workers -D
You can always use Suricata's unix socket to get the running mode:
sudo suricatasc -c running-mode
++
> -----Original Message-----
> From: Cooper F. Nelson [mailto:cnelson at ucsd.edu]
> Sent: Monday, March 28, 2016 16:10 PM
> To: Cloherty, Sean E <scloherty at mitre.org>;
> oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Can't start AF_PACKET in Workers mode?
>
> What is the command line you use to start suricata?
>
> On 3/28/2016 12:47 PM, Cloherty, Sean E wrote:
> >
> > ( buried in an earlier email about a different topic . . . )
> >
> >
> >
> > An odd behavior I am noticing is that despite setting the afpacket
> > mode to workers, both in the yaml file and on the command line, the
> > start messages always note autofp mode. Am I reading that correctly?
> > What could cause that? I am running in IDS mode in case that is of
> > note.
> >
> >
> >
> > When I start up - the last line is as below.
> >
> >
> >
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042
--
Eric Leblond <eric at regit.org>
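
The running-mode query suggested in the reply above, made directly against Suricata's unix command socket and compared with the expected runmode. This is an added example, not part of the original thread or of Suricata's own code. The socket path, the protocol version string "0.1" and the helper names are assumptions.

```python
import json
import socket

# Assumed default; the real path is set under unix-command in suricata.yaml.
SOCKET_PATH = "/var/run/suricata/suricata-command.socket"


def _exchange(sock, msg, newline):
    """Send one JSON message, then read until a complete JSON reply parses."""
    sock.sendall((json.dumps(msg) + ("\n" if newline else "")).encode())
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("socket closed before a full reply")
        buf += chunk
        try:
            return json.loads(buf.decode())
        except ValueError:
            continue  # partial reply so far, keep reading


def running_mode(sock, version="0.1"):
    """Version handshake, then the running-mode command; returns the runmode."""
    # Assumption: "0.1" sends bare JSON, later versions end messages with \n.
    newline = version != "0.1"
    hello = _exchange(sock, {"version": version}, newline)
    if hello.get("return") != "OK":
        raise RuntimeError(f"handshake refused: {hello}")
    reply = _exchange(sock, {"command": "running-mode"}, newline)
    if reply.get("return") != "OK":
        raise RuntimeError(f"command failed: {reply}")
    return reply["message"]


def check_mode(sock, expected="workers"):
    """Return (matches, actual) so a startup check can fail on autofp."""
    actual = running_mode(sock)
    return actual == expected, actual


if __name__ == "__main__":
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(SOCKET_PATH)
        ok, mode = check_mode(s)
        print(f"running mode: {mode}")
        raise SystemExit(0 if ok else 1)
```

Run as a user with access to the command socket; the exit status is non-zero when the sensor is not in the expected mode.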