[Oisf-users] Getting Errors on Suricata Startup

Leonard’s Netsecuris ljacobs at netsecuris.com
Thu Jan 23 14:56:35 UTC 2020 

Is that take into consideration settings in suricata.yaml when starting Suricata that way?

> On Jan 23, 2020, at 1:03 AM, Peter Manev <petermanev at gmail.com> wrote:
> 
> 
> 
> 
>> On Thu, Jan 23, 2020 at 8:18 AM Leonard Jacobs <ljacobs at netsecuris.com> wrote:
>> I do not want to use af-packet mode.  This sensor is not in-line.  It is on a span port.  I want af-packet disabled.
>> 
> 
> 
> You can try 
> sudo suricata -i eth0 --runmode=autofp
>  
>> I installed it with a PPA.
>> 
>> Thanks.
>> 
>> Leonard
>> 
>> 
>> From: Andreas Herz <andi at geekosphere.org> 
>> To: <oisf-users at lists.openinfosecfoundation.org> 
>> Sent: 1/22/2020 5:17 PM 
>> Subject: Re: [Oisf-users] Getting Errors on Suricata Startup 
>> 
>> Hi Leonard,
>> 
>> first of all, please reply to the mailinglist not to me directly.
>> 
>> On 22/01/20 at 15:20, Leonard Jacobs wrote:
>> > If I run Suricata in daemon mode I don’t get the error.  Except sometimes I get a pid file error if don’t delete /var/run/Suricata.pid file first.
>> 
>> This is another issue but should be handled by the way the mode is run
>> from your system to take care of those pid files.
>> 
>> > I get the error below when running sudo /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eno2 &.
>> > 
>> > I have attached the Suricata.yaml file.
>> 
>> I would suggest you add some configuration settings to the af-packet
>> interface settings in the configuration file, ideally with interface
>> eno2 or at least for a default interface. Currently no af-packet
>> settings are in your config file.
>> 
>> Andi
>> 
>> -- 
>> Andreas Herz
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> 
>> Conference: https://suricon.net
>> Trainings: https://suricata-ids.org/training/
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> 
>> Conference: https://suricon.net
>> Trainings: https://suricata-ids.org/training/
> 
> 
> -- 
> Regards,
> Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20200123/8bc5a6f8/attachment.html>

More information about the Oisf-users mailing list