[Oisf-users] Getting Errors on Suricata Startup
Leonard Jacobs
ljacobs at netsecuris.com
Thu Jan 23 06:18:34 UTC 2020
I do not want to use af-packet mode. This sensor is not in-line. It is on a span port. I want af-packet disabled.
I installed it with a PPA.
Thanks.
Leonard
From: Andreas Herz <andi at geekosphere.org>
To: <oisf-users at lists.openinfosecfoundation.org>
Sent: 1/22/2020 5:17 PM
Subject: Re: [Oisf-users] Getting Errors on Suricata Startup
Hi Leonard,
first of all, please reply to the mailinglist not to me directly.
On 22/01/20 at 15:20, Leonard Jacobs wrote:
> If I run Suricata in daemon mode I don’t get the error. Except sometimes I get a pid file error if don’t delete /var/run/Suricata.pid file first.
This is another issue but should be handled by the way the mode is run
from your system to take care of those pid files.
> I get the error below when running sudo /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eno2 &.
>
> I have attached the Suricata.yaml file.
I would suggest you add some configuration settings to the af-packet
interface settings in the configuration file, ideally with interface
eno2 or at least for a default interface. Currently no af-packet
settings are in your config file.
Andi
--
Andreas Herz
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20200123/5032d98b/attachment.html>
More information about the Oisf-users
mailing list