[Oisf-users] suricata run error

bush djw25521 at 163.com
Thu Nov 8 07:48:01 UTC 2018 

Hi,


When i run suricata, i got some errors.  The information is below:

#suricata -c /data/wangdj/suricata/etc/suricata/suricata.yaml -i eth2 --init-errors-fatal
8/11/2018 -- 15:26:23 - <Notice> - This is Suricata version 3.1 RELEASE
8/11/2018 -- 15:26:37 - <Warning> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Using AF_PACKET with GRO or LRO activated can lead to capture problems
8/11/2018 -- 15:26:37 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Coudn't set fanout mode, error Protocol not available
8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
8/11/2018 -- 15:26:37 - <Notice> - Signal Received.  Stopping engine.
8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Coudn't set fanout mode, error Protocol not available
8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Coudn't set fanout mode, error Protocol not available
8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Coudn't set fanout mode, error Protocol not available
8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
8/11/2018 -- 15:26:38 - <Notice> - Stats for 'eth2':  pkts: 0, drop: 0 (-nan%), invalid chksum: 0


variables suricata.yaml 
The af-packet options in suricata.yaml configure file are set as following:
af-packet:
  - interface: eth2
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
  - interface: default


My OS is: CentOS release 6.4 (Final)


Can anyone give me help to solve the problem above?


--

Best Regards
DeJin Wang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181108/72565941/attachment.html>

More information about the Oisf-users mailing list