[Oisf-users] suricata run error

bush djw25521 at 163.com
Thu Nov 8 09:04:43 UTC 2018


Hi,


Thanks for your reply.


Using the "suricata -c /data/wangdj/suricata/etc/suricata/suricata.yaml --init-errors-fatal --pcap=eth2" command works, apart from this warning:
<Warning> - [ERRCODE: SC_ERR_PCAP_CREATE(21)] - Using Pcap capture with GRO or LRO activated can lead to capture problems


My kernel version is 2.6.32. Is this version too old to support AF_PACKET?
--

Best Regards
Wangdejin



At 2018-11-08 15:57:16, "Eric Leblond" <eric at regit.org> wrote:
>Hello,
>
>On Thu, 2018-11-08 at 15:48 +0800, bush wrote:
>> Hi,
>> 
>> When I run suricata, I got some errors.  The information is below:
>> #suricata -c /data/wangdj/suricata/etc/suricata/suricata.yaml -i eth2
>> --init-errors-fatal
>> 8/11/2018 -- 15:26:23 - <Notice> - This is Suricata version 3.1
>> RELEASE
>...
>> 8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] -
>> Couldn't init AF_PACKET socket, fatal error
>> 8/11/2018 -- 15:26:38 - <Notice> - Stats for 'eth2':  pkts: 0, drop:
>> 0 (-nan%), invalid chksum: 0
>> 
>> variables suricata.yaml 
>> The af-packet options in suricata.yaml configure file are set as
>> following:
>> af-packet:
>>   - interface: eth2
>>     cluster-id: 99
>>     cluster-type: cluster_flow
>>     defrag: yes
>>   - interface: default
>> 
>> My OS is: CentOS release 6.4 (Final)
>
>This may be a bit old for AF_PACKET. What kernel is running there ?
>
>Can you try
>
>suricata -c /data/wangdj/suricata/etc/suricata/suricata.yaml --init-errors-fatal --pcap=eth2
>
>to force libpcap support and see if this one is working correctly ?
>
>BR,
>-- 
>Eric Leblond <eric at regit.org>