Support #2383
closedsuricata doesn't works
Description
suricata service does not start.
i tried with:
s$ suricata -i enp6s0 -c /etc/suricata/suricata.yaml -s /etc/suricata/rules -l /var/log/suricata -D –user suricata –group surucata
too
sudo suricata -c suricata.yaml -s emergencing-dns.rules -i enp6s0 19/12/2017 -- 22:56:47 - <Notice> - This is Suricata version 4.0.3 RELEASE 19/12/2017 -- 22:56:50 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern emergencing-dns.rules 19/12/2017 -- 22:56:52 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
the rules not load.
but the suricata service not exit!!!! why?
sudo service suricata start
Failed to start suricata.service: Unit suricata.service not found.
Updated by antonio fernandez over 6 years ago
/12/2017 -- 22:21:07 - <Notice> - This is Suricata version 4.0.3 RELEASE
19/12/2017 -- 22:21:11 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
19/12/2017 -- 22:25:43 - <Notice> - Signal Received. Stopping engine.
19/12/2017 -- 22:25:43 - <Notice> - Stats for 'enp6s0': pkts: 7880, drop: 0 (0.00%), invalid chksum: 0
19/12/2017 -- 22:28:21 - <Notice> - This is Suricata version 4.0.3 RELEASE
19/12/2017 -- 22:28:26 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
19/12/2017 -- 22:46:06 - <Notice> - Signal Received. Stopping engine.
19/12/2017 -- 22:46:06 - <Notice> - Stats for 'enp6s0': pkts: 16256, drop: 0 (0.00%), invalid chksum: 0
19/12/2017 -- 22:46:11 - <Notice> - This is Suricata version 4.0.3 RELEASE
19/12/2017 -- 22:46:14 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern signatures.rules
19/12/2017 -- 22:46:15 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
19/12/2017 -- 22:52:26 - <Notice> - Signal Received. Stopping engine.
19/12/2017 -- 22:52:26 - <Notice> - Stats for 'enp6s0': pkts: 9460, drop: 0 (0.00%), invalid chksum: 0
19/12/2017 -- 22:54:29 - <Notice> - This is Suricata version 4.0.3 RELEASE
19/12/2017 -- 22:54:34 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
19/12/2017 -- 22:54:34 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Filter compilation failed.
19/12/2017 -- 22:54:34 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Set AF_PACKET bpf filter "–user suricata –group surucata" failed.
19/12/2017 -- 22:54:34 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
19/12/2017 -- 22:54:34 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-enp6s0 failed
19/12/2017 -- 22:56:47 - <Notice> - This is Suricata version 4.0.3 RELEASE
19/12/2017 -- 22:56:50 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern emergencing-dns.rules
19/12/2017 -- 22:56:52 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
19/12/2017 -- 23:11:28 - <Notice> - Signal Received. Stopping engine.
19/12/2017 -- 23:11:28 - <Notice> - Stats for 'enp6s0': pkts: 18339, drop: 0 (0.00%), invalid chksum: 0
19/12/2017 -- 23:14:54 - <Notice> - This is Suricata version 4.0.3 RELEASE
19/12/2017 -- 23:14:54 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!
19/12/2017 -- 23:22:06 - <Notice> - This is Suricata version 4.0.3 RELEASE
19/12/2017 -- 23:22:10 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
19/12/2017 -- 23:22:10 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Filter compilation failed.
19/12/2017 -- 23:22:10 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Set AF_PACKET bpf filter "–init-errors-fatal" failed.
19/12/2017 -- 23:22:10 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
19/12/2017 -- 23:22:10 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-enp6s0 failed
19/12/2017 -- 23:25:19 - <Notice> - This is Suricata version 4.0.3 RELEASE
19/12/2017 -- 23:25:23 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
19/12/2017 -- 23:28:03 - <Notice> - Signal Received. Stopping engine.
19/12/2017 -- 23:28:03 - <Notice> - Stats for 'enp6s0': pkts: 170, drop: 0 (0.00%), invalid chksum: 0
19/12/2017 -- 23:28:10 - <Notice> - This is Suricata version 4.0.3 RELEASE
19/12/2017 -- 23:28:14 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
20/12/2017 -- 00:18:04 - <Notice> - This is Suricata version 4.0.3 RELEASE
20/12/2017 -- 00:18:07 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
20/12/2017 -- 00:18:07 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Filter compilation failed.
20/12/2017 -- 00:18:07 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Set AF_PACKET bpf filter "–init-errors-fatal" failed.
20/12/2017 -- 00:18:07 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
20/12/2017 -- 00:18:07 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-enp6s0 failed
Updated by Victor Julien over 6 years ago
- Tracker changed from Bug to Support
- Description updated (diff)
- Priority changed from Urgent to Normal
Updated by Victor Julien over 6 years ago
Looks like a typo to me 'emergencing-dns.rules'. Should be 'emerging-dns.rules'?
Updated by Andreas Herz over 6 years ago
- Assignee set to Anonymous
- Target version set to Support
Could you provide us with your config file?
Updated by Victor Julien about 6 years ago
- Status changed from New to Closed
- Assignee deleted (
Anonymous) - Target version deleted (
Support)