[Oisf-users] Suricata fails to start (Suricata 4.1.4)
Shivani Bhardwaj
shivanib134 at gmail.com
Tue Jun 4 05:24:19 UTC 2019
Hi David!
On Tue, Jun 4, 2019 at 9:02 AM David Decker <x.faith at gmail.com> wrote:
>
> Working on a project that uses Suricata, (just rcvd)
> Suricata is failing to start at boot.
>
> One thing we noticed was
> suricata -c suricata.yaml pcap default (was a command line) where it states it failed.
>
> I understand the -c is for suricata.yaml to use as configuration file, but what is the PCAP default used for?
> Dont think I have seen this before.
> Where is the best place to start troubleshooting?
>
I think you could try the "-vv" option to the command and maybe check
if the logs can reveal something for you then?
There is "--pcap" option for running suricata in PCAP mode (see
https://suricata.readthedocs.io/en/suricata-4.1.3/command-line-options.html#cmdoption-pcap),
however with just "pcap", it seems that the output is the same as
running simply "suricata" on command line.
Let us know if you find anything in the verbose output that we can use
to assist you.
> Thanks
> David
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
--
Shivani
https://about.me/shivani.bhardwaj
More information about the Oisf-users
mailing list