[Oisf-users] suricata not logging

Victor Julien lists at inliniac.net
Fri May 6 07:03:12 UTC 2016 

On 01-05-16 17:03, Chris Boley wrote:
> This might be rhetorical, but with the second version of your startup
> command there is a second thing that needs to be run.
> 
> sudo iptables -I FORWARD -j NFQUEUE
> 
> The second way you ran it indicates that you're attempting to run
> suricata in an inline mode. First you must have your binary set up and
> compiled correctly to do so.
> 
> If you installed from PPA it's precompiled in there but I recommend you
> compile from source because it will optimize the binary for your processor
> Are you doing that? If you are you also should create a bridge interface
> in your /etc/network/interfaces file.
> 
> I might just be saying redundant things but wanted a clear picture of
> what you've got going on.
> 

I believe this issue was also reported & resolved here:

http://stackoverflow.com/questions/36956992/suricata-does-not-work-inline-mode/36957385#36957385

Cheers,
Victor

> 
> 
> On Sun, May 1, 2016 at 10:47 AM, Tamás <tamas at adatbazis.eu
> <mailto:tamas at adatbazis.eu>> wrote:
> 
>     Hi all!
> 
>     I have installed Debian 7.10 and Suricata 3.0.1.
> 
>     suricata run command:
> 
>     suricata -D --pidfile /var/run/suricata.pid -c
>     /etc/suricata/suricata.yaml --af-packet=eth0
> 
>     then run perfectly, creates log, etc... but if
> 
>     suricata -D --pidfile /var/run/suricata.pid -c
>     /etc/suricata/suricata.yaml -q 0
> 
>     suricata no creates log, does not write /var/log/suricata/*.log
>     files, and nothing happens...
> 
>     This is a VirtualBox Virtual Machine with 1 NIC. I have installed 3
>     vbox machine and problem is really exists on all 3 servers.
> 
>     Outgoing traffic is logged, only ingoing traffic is not logged.
> 
>     Anyone can help?
>     _______________________________________________
>     Suricata IDS Users mailing list:
>     oisf-users at openinfosecfoundation.org
>     <mailto:oisf-users at openinfosecfoundation.org>
>     Site: http://suricata-ids.org | Support:
>     http://suricata-ids.org/support/
>     List:
>     https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>     Suricata User Conference November 9-11 in Washington, DC:
>     http://oisfevents.net
> 
> 
> 
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

More information about the Oisf-users mailing list