[Oisf-users] suricata run error
Peter Manev
petermanev at gmail.com
Thu Nov 8 10:24:24 UTC 2018
> On 8 Nov 2018, at 10:04, bush <djw25521 at 163.com> wrote:
>
> Hi,
>
> Thanks for your reply.
>
> Using the "suricata -c /data/wangdj/suricata/etc/suricata/suricata.yaml --init-errors-fatal --pcap=eth2" command works, apart from this warning:
> <Warning> - [ERRCODE: SC_ERR_PCAP_CREATE(21)] - Using Pcap capture with GRO or LRO activated can lead to capture problems
>
> My kernel version is 2.6.32. Is this version too old to support AF_PACKET?
Yes - both Suricata and kernel versions are too old.
You should try the freshly released 4.1 - it has a bunch more features.
https://suricata-ids.org/2018/11/06/suricata-4-1-released/
> --
> Best Regards
> Wangdejin
>
>
> At 2018-11-08 15:57:16, "Eric Leblond" <eric at regit.org> wrote:
> >Hello,
> >
> >On Thu, 2018-11-08 at 15:48 +0800, bush wrote:
> >> Hi,
> >>
> >> When I run suricata, I got some errors. The information is below:
> >> #suricata -c /data/wangdj/suricata/etc/suricata/suricata.yaml -i eth2
> >> --init-errors-fatal
> >> 8/11/2018 -- 15:26:23 - <Notice> - This is Suricata version 3.1
> >> RELEASE
> >...
> >> 8/11/2018 -- 15:26:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] -
> >> Couldn't init AF_PACKET socket, fatal error
> >> 8/11/2018 -- 15:26:38 - <Notice> - Stats for 'eth2': pkts: 0, drop:
> >> 0 (-nan%), invalid chksum: 0
> >>
> >> variables suricata.yaml
> >> The af-packet options in suricata.yaml configure file are set as
> >> following:
> >> af-packet:
> >>   - interface: eth2
> >>     cluster-id: 99
> >>     cluster-type: cluster_flow
> >>     defrag: yes
> >>   - interface: default
> >>
> >> My OS is: CentOS release 6.4 (Final)
> >
> >This may be a bit old for AF_PACKET. What kernel is running there ?
> >
> >Can you try
> >
> >suricata -c /data/wangdj/suricata/etc/suricata/suricata.yaml --init-errors-fatal --pcap=eth2
> >
> >to force libpcap support and see if this one is working correctly ?
> >
> >BR,
> >--
> >Eric Leblond <eric at regit.org>
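Added example, not part of the original thread: a small pre-flight check for the two issues discussed above, a kernel too old for the configured AF_PACKET `cluster_flow` setup and GRO/LRO left enabled on the capture interface. The function names, the sample inputs and the 3.1 threshold (the kernel release in which `PACKET_FANOUT` appeared) are assumptions of this example, not values given in the thread.

```shell
#!/bin/sh
# Added example: pre-flight checks before starting Suricata on an interface.
# All sample inputs below are constructed for illustration.

# kernel_at_least RELEASE MAJOR MINOR
# Succeeds when a `uname -r` style RELEASE is >= MAJOR.MINOR.
kernel_at_least() {
    rel=${1%%-*}          # drop distro suffix: 2.6.32-358.el6 -> 2.6.32
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# offloads_on
# Reads `ethtool -k IFACE` output on stdin and prints "gro" and/or "lro"
# for each receive offload that is still enabled (empty line if none).
offloads_on() {
    awk -F': *' '
        $1 ~ /generic-receive-offload$/ && $2 ~ /^on/ { out = out (out == "" ? "" : " ") "gro" }
        $1 ~ /large-receive-offload$/   && $2 ~ /^on/ { out = out (out == "" ? "" : " ") "lro" }
        END { print out }'
}

# suggest_capture RELEASE
# Assumption of this example: use af-packet only on kernels >= 3.1,
# otherwise fall back to libpcap (the --pcap= option used in the thread).
suggest_capture() {
    if kernel_at_least "$1" 3 1; then echo "af-packet"; else echo "pcap"; fi
}

# Demo on constructed input. On a real sensor use instead:
#   suggest_capture "$(uname -r)"
#   ethtool -k eth2 | offloads_on
# and clear anything reported with:
#   ethtool -K eth2 gro off lro off
sample_release='2.6.32-358.el6.x86_64'
sample_ethtool='Features for eth2:
rx-checksumming: on
generic-receive-offload: on
large-receive-offload: off [fixed]'

echo "capture method: $(suggest_capture "$sample_release")"
echo "offloads still on: $(printf '%s\n' "$sample_ethtool" | offloads_on)"
```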