[Oisf-users] Suricata fails to start (Suricata 4.1.4)

David Decker x.faith at gmail.com
Tue Jun 4 17:24:24 UTC 2019


Shivani

This is what we are trying:
suricata  -c suricata.yaml --PCAP=default

and this is the error in the suricata.log

Failure when trying to get feature ioctl for “default”;  no such device

On Mon, Jun 3, 2019 at 10:36 PM David Decker <x.faith at gmail.com> wrote:

> It could have been --pcap, will have to verify this in the morning.
>
> Thanks
>
> On Mon, Jun 3, 2019 at 10:24 PM Shivani Bhardwaj <shivanib134 at gmail.com> wrote:
>
>> Hi David!
>>
>> On Tue, Jun 4, 2019 at 9:02 AM David Decker <x.faith at gmail.com> wrote:
>> >
>> > Working on a project that uses Suricata, (just rcvd)
>> > Suricata is failing to start at boot.
>> >
>> > One thing we noticed was
>> > suricata -c suricata.yaml pcap default  (was a command line) where it states it failed.
>> >
>> > I understand the -c is for suricata.yaml to use as configuration file, but what is the PCAP default used for?
>> > Don't think I have seen this before.
>> > Where is the best place to start troubleshooting?
>> >
>> I think you could try the "-vv" option to the command and maybe check
>> if the logs can reveal something for you then?
>> There is a "--pcap" option for running suricata in PCAP mode (see
>> https://suricata.readthedocs.io/en/suricata-4.1.3/command-line-options.html#cmdoption-pcap),
>> however with just "pcap", it seems that the output is the same as
>> running simply "suricata" on command line.
>>
>> Let us know if you find anything in the verbose output that we can use
>> to assist you.
>>
>> > Thanks
>> > David
>>
>>
>>
>> --
>> Shivani
>> https://about.me/shivani.bhardwaj
>>
>