[Oisf-users] suricata run error

Eric Leblond eric at regit.org
Thu Nov 8 07:57:16 UTC 2018


Hello,

On Thu, 2018-11-08 at 15:48 +0800, bush wrote:
> Hi,
> 
> When I run suricata, I got some errors. The information is below:
> #suricata -c /data/wangdj/suricata/etc/suricata/suricata.yaml -i eth2 --init-errors-fatal
> 8/11/2018 -- 15:26:23 - <Notice> - This is Suricata version 3.1 RELEASE
...
> 8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
> 8/11/2018 -- 15:26:38 - <Notice> - Stats for 'eth2':  pkts: 0, drop: 0 (-nan%), invalid chksum: 0
> 
> variables suricata.yaml 
> The af-packet options in the suricata.yaml configuration file are set as
> follows:
> af-packet:
>   - interface: eth2
>     cluster-id: 99
>     cluster-type: cluster_flow
>     defrag: yes
>   - interface: default
> 
> My OS is: CentOS release 6.4 (Final)

This may be a bit old for AF_PACKET. What kernel is running there?

Can you try

suricata -c /data/wangdj/suricata/etc/suricata/suricata.yaml --init-errors-fatal --pcap=eth2

to force libpcap support and see if this one is working correctly?

BR,
-- 
Eric Leblond <eric at regit.org>


