Project

General

Profile

Actions

Bug #1973

closed

suricata fails to start because of unix socket

Added by Victor Julien almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

[10995] 1/12/2016 -- 14:44:09 - (unix-manager.c:196) <Warning> (UnixNew) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Unix socket: UNIX socket bind(/var/run/suricata/suricata-command.socket) error: No such file or directory
[10995] 1/12/2016 -- 14:44:09 - (unix-manager.c:912) <Error> (UnixManagerThreadInit) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Unable to create unix command socket
[10982] 1/12/2016 -- 14:44:09 - (tm-threads.c:2084) <Error> (TmThreadWaitOnThreadInit) -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "US" closed on initialization.
[10982] 1/12/2016 -- 14:44:09 - (suricata.c:2649) <Error> (main) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
Actions #1

Updated by Victor Julien almost 5 years ago

Workaround 1:

Create the dir that is missing, in the above example /var/run/suricata. Note that some systems remove this on reboot.

Workaround 2:

Disable unix socket on the command line by passing: '--set unix-command.enabled=false'

Workaround 3:

Disable unix socket in your yaml:

unix-command:
  enabled: false
  #filename: custom.socket

Actions #2

Updated by Victor Julien almost 5 years ago

  • Status changed from Assigned to Closed
Actions #3

Updated by Victor Julien almost 5 years ago

If the directory does exist but the permissions are wrong (usually when running as a user instead of root), then we can run into the same issue:

[ERRCODE: SC_ERR_INITIALIZATION(45)] - Unix socket: UNIX socket bind(/var/run/suricata/suricata-command.socket) error: Permission denied

In this case change the permissions and/or ownership of the /var/run/suricata/ directory.

Actions

Also available in: Atom PDF