[Oisf-users] suricata not logging

Chris Boley ilgtech75 at gmail.com
Sun May 1 15:03:06 UTC 2016


This might be rhetorical, but with the second version of your startup
command there is a second thing that needs to be run.

sudo iptables -I FORWARD -j NFQUEUE

The second way you ran it indicates that you're attempting to run
suricata in an inline mode. First you must have your binary set up and
compiled correctly to do so.

If you installed from PPA it's precompiled in there, but I recommend
you compile from source because it will optimize the binary for your
processor.
Are you doing that? If you are, you also should create a bridge
interface in your /etc/network/interfaces file.

I might just be saying redundant things but wanted a clear picture of
what you've got going on.



On Sun, May 1, 2016 at 10:47 AM, Tamás <tamas at adatbazis.eu> wrote:

> Hi all!
>
> I have installed Debian 7.10 and Suricata 3.0.1.
>
> suricata run command:
>
> suricata -D --pidfile /var/run/suricata.pid -c /etc/suricata/suricata.yaml
> --af-packet=eth0
>
> then run perfectly, creates log, etc... but if
>
> suricata -D --pidfile /var/run/suricata.pid -c /etc/suricata/suricata.yaml
> -q 0
>
> suricata creates no log, does not write /var/log/suricata/*.log files, and
> nothing happens...
>
> This is a VirtualBox Virtual Machine with 1 NIC. I have installed 3 vbox
> machines and the problem really exists on all 3 servers.
>
> Outgoing traffic is logged, only incoming traffic is not logged.
>
> Can anyone help?
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC:
> http://oisfevents.net
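Added example (not part of this thread, and not Suricata's or the OISF's own tooling): a small POSIX shell script that renders the two pieces Chris is describing for the "-q 0" start-up (a bridge stanza for /etc/network/interfaces and the iptables NFQUEUE rule) and then checks, from the output of iptables -S FORWARD and iptables -L FORWARD -v -n -x, whether a rule for the queue exists and whether any packets have actually been handed to it. The interface names br0/eth1/eth2, the queue number 0 and the two sample iptables outputs are constructed placeholders for the reader's own setup.

```shell
#!/bin/sh
# Added example: sanity-check the plumbing Suricata needs in NFQUEUE mode.
# If no FORWARD rule points at the queue, or its packet counter stays at 0,
# "suricata -q 0" starts cleanly but never sees a packet and never logs.
# Placeholders (assumptions): br0, eth1, eth2, queue 0, and both samples.

# Render a Debian /etc/network/interfaces stanza for a two-port bridge
# (bridge-utils syntax); the bridge itself carries no IP address.
bridge_stanza() {
  br="$1"; a="$2"; b="$3"
  printf 'auto %s\niface %s inet manual\n    bridge_ports %s %s\n    bridge_stp off\n    bridge_fd 0\n' \
    "$br" "$br" "$a" "$b"
}

# Render the rule that hands forwarded packets to a given NFQUEUE number.
# Only bridged/routed traffic traverses FORWARD; traffic addressed to the
# box itself goes through INPUT/OUTPUT and would need rules there instead.
nfqueue_rule() {
  printf 'iptables -I FORWARD -j NFQUEUE --queue-num %s\n' "$1"
}

# $1 = text of `iptables -S FORWARD`, $2 = queue number.
# Exit 0 if a FORWARD rule targets that queue. A rule with no --queue-num
# uses the default queue 0, so it counts as queue 0.
has_nfqueue_rule() {
  printf '%s\n' "$1" | awk -v q="$2" '
    /^-A FORWARD / && /-j NFQUEUE/ {
      n = 0
      for (i = 1; i <= NF; i++) if ($i == "--queue-num") n = $(i + 1)
      if (n == q) found = 1
    }
    END { exit found ? 0 : 1 }'
}

# $1 = text of `iptables -L FORWARD -v -n -x`. Print the total packet count
# of all NFQUEUE rules in the chain (0 means Suricata has received nothing).
nfqueue_packets() {
  printf '%s\n' "$1" | awk '$3 == "NFQUEUE" { sum += $1 } END { print sum + 0 }'
}

# Constructed sample outputs, as iptables would print them on a host where
# the rule is in place and traffic is flowing.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -j NFQUEUE --queue-num 0'
SAMPLE_COUNTERS='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1534   203311 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0'

# Run the checks against the samples when executed directly; on a real box
# replace the samples with "$(iptables -S FORWARD)" and
# "$(iptables -L FORWARD -v -n -x)".
check_inline_setup() {
  q="$1"; rules="$2"; counters="$3"
  if ! has_nfqueue_rule "$rules" "$q"; then
    echo "FAIL: no FORWARD rule targets NFQUEUE $q"; return 1
  fi
  n="$(nfqueue_packets "$counters")"
  if [ "$n" -eq 0 ]; then
    echo "FAIL: NFQUEUE rule present but 0 packets queued so far"; return 1
  fi
  echo "OK: NFQUEUE $q rule present, $n packets queued"
}

echo "# bridge stanza for /etc/network/interfaces"
bridge_stanza br0 eth1 eth2
echo "# rule to load"
nfqueue_rule 0
check_inline_setup 0 "$SAMPLE_RULES" "$SAMPLE_COUNTERS"
```

When the rule check passes but the packet counter stays at zero, the rule is in the wrong chain for the traffic you expect (for a single-NIC VM that is not bridging anything, nothing ever enters FORWARD), which matches the "starts but never logs" symptom in the original mail.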