[Oisf-users] Getting Errors on Suricata Startup

Leonard Jacobs ljacobs at netsecuris.com
Thu Jan 23 06:18:34 UTC 2020

I do not want to use af-packet mode.  This sensor is not in-line.  It is on a span port.  I want af-packet disabled.

I installed it with a PPA.



From: Andreas Herz <andi at geekosphere.org>
To: <oisf-users at lists.openinfosecfoundation.org>
Sent: 1/22/2020 5:17 PM
Subject: Re: [Oisf-users] Getting Errors on Suricata Startup

Hi Leonard,

First of all, please reply to the mailing list, not to me directly.

On 22/01/20 at 15:20, Leonard Jacobs wrote:
> If I run Suricata in daemon mode I don’t get the error.  Except sometimes I get a pid file error if I don’t delete the /var/run/Suricata.pid file first.

This is another issue but should be handled by the way the mode is run
from your system to take care of those pid files.

> I get the error below when running sudo /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eno2 &.
> I have attached the Suricata.yaml file.

I would suggest you add some configuration settings to the af-packet
interface settings in the configuration file, ideally with interface
eno2 or at least for a default interface. Currently no af-packet
settings are in your config file.


Andreas Herz
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/