[Oisf-users] Getting Errors on Suricata Startup

Peter Manev petermanev at gmail.com
Thu Jan 23 07:03:08 UTC 2020


On Thu, Jan 23, 2020 at 8:18 AM Leonard Jacobs <ljacobs at netsecuris.com>
wrote:

> I do not want to use af-packet mode.  This sensor is not in-line.  It is
> on a span port.  I want af-packet disabled.
>
>

You can try:

    sudo suricata -i eth0 --runmode=autofp


> I installed it with a PPA.
>
> Thanks.
>
> Leonard
>
>
> From: Andreas Herz <andi at geekosphere.org>
> To: <oisf-users at lists.openinfosecfoundation.org>
> Sent: 1/22/2020 5:17 PM
> Subject: Re: [Oisf-users] Getting Errors on Suricata Startup
>
> Hi Leonard,
>
> First of all, please reply to the mailing list, not to me directly.
>
> On 22/01/20 at 15:20, Leonard Jacobs wrote:
> > If I run Suricata in daemon mode I don’t get the error.  Except
> > sometimes I get a pid file error if I don’t delete /var/run/Suricata.pid
> > file first.
>
> This is another issue but should be handled by the way the mode is run
> from your system to take care of those pid files.
>
> > I get the error below when running sudo /usr/bin/suricata -c
> > /etc/suricata/suricata.yaml -i eno2 &.
> >
> > I have attached the Suricata.yaml file.
>
> I would suggest you add some configuration settings to the af-packet
> interface settings in the configuration file, ideally with interface
> eno2 or at least for a default interface. Currently no af-packet
> settings are in your config file.
>
> Andi
>
> --
> Andreas Herz
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/



-- 
Regards,
Peter Manev
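
The pid file handling Andreas refers to in the quoted message, as an added example that is not part of the thread or of the Suricata project: a start wrapper that removes the pid file only when no running process owns it. The function names are hypothetical, the default path is the one quoted in the thread, and the /proc check assumes Linux.

```shell
#!/bin/sh
# Added example: clear a stale Suricata pid file before starting the daemon.
# Default path is the one quoted in the thread; override PIDFILE for your install.
PIDFILE="${PIDFILE:-/var/run/Suricata.pid}"

# pidfile_state FILE -> prints "absent", "stale" or "live"
pidfile_state() {
    f="$1"
    [ -e "$f" ] || { echo absent; return 0; }
    # Keep digits only so a trailing newline or junk cannot reach kill.
    pid=$(tr -cd '0-9' < "$f")
    # kill -0 sends no signal, it only tests that the process exists; the
    # /proc test covers a process owned by another user (kill -0 gets EPERM).
    if [ -n "$pid" ] && { kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; }; then
        echo live
    else
        echo stale
    fi
}

# clear_stale_pidfile FILE -> 0 when it is safe to start, 1 when a live
# process still owns the pid file (a second sensor must not be started).
clear_stale_pidfile() {
    case "$(pidfile_state "$1")" in
        absent) return 0 ;;
        stale)  rm -f -- "$1" ;;
        live)   echo "refusing to start: $1 names a running process" >&2
                return 1 ;;
    esac
}

# start_sensor IFACE: daemon start with the same config file as in the thread.
# Defined but not called here; invoke it from the init script or by hand.
start_sensor() {
    clear_stale_pidfile "$PIDFILE" || return 1
    suricata -c /etc/suricata/suricata.yaml -i "$1" -D --pidfile "$PIDFILE"
}
```

A live pid can belong to an unrelated process if the number was reused after a reboot, so a refusal is a prompt to check what that process is rather than to delete the file blindly.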