[Oisf-users] Can't start AF_PACKET in Workers mode?

Cloherty, Sean E scloherty at mitre.org
Mon Mar 28 20:21:35 UTC 2016


I didn't compile it with that option.  I think I will try that tomorrow with 3.0.1RC1.

-----Original Message-----
From: Eric Leblond [mailto:eric at regit.org] 
Sent: Monday, March 28, 2016 16:17 PM
To: Cloherty, Sean E <scloherty at mitre.org>; Cooper F. Nelson <cnelson at ucsd.edu>; oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Can't start AF_PACKET in Workers mode?

Hello,

On Mon, 2016-03-28 at 20:13 +0000, Cloherty, Sean E wrote:
> This is what I use currently:
> 
> /usr/bin/suricata -c /etc/suricata/suricata.yaml --user=suri --group=suri -v --af-packet=ens1f1 --runmode=workers -D

You can always use Suricata's unix socket to get the running mode:

 sudo suricatasc -c running-mode

++

> -----Original Message-----
> From: Cooper F. Nelson [mailto:cnelson at ucsd.edu]
> Sent: Monday, March 28, 2016 16:10 PM
> To: Cloherty, Sean E <scloherty at mitre.org>; oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Can't start AF_PACKET in Workers mode?
> 
> What is the command line you use to start suricata?
> 
> On 3/28/2016 12:47 PM, Cloherty, Sean E wrote:
> > 
> > ( buried in an earlier email about a different topic . . . )
> > 
> > An odd behavior I am noticing is that despite setting the afpacket 
> > mode to workers, both in the yaml file and on the command line, the 
> > start messages always note autofp mode.  Am I reading that 
> > correctly?
> > What could cause that?  I am running in IDS mode in case that is of 
> > note.
> > 
> > When I start up - the last line is as below.
> > 
> 
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042
> 
--
Eric Leblond <eric at regit.org>




