Bug #398

closed

Suricata fails to start under Windows with "-i IPaddr"

Added by Peter Manev over 10 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Suricata compiles fine and does not complain, but the exe fails to start:

C:\Suricata>suricata.exe -c suricata.yaml -i 192.168.1.71
[4840] 7/1/2012 -- 14:18:44 - (suricata.c:1082) <Info> (main) -- This is Suricata version 1.2dev (rev 64f717c)
[4840] 7/1/2012 -- 14:18:44 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 8
cygwin warning:
MS-DOS style path detected: C:\Suricata\log
Preferred POSIX equivalent is: /Suricata/log
CYGWIN environment variable option "nodosfilewarning" turns off this warning.
Consult the user's guide for more details about POSIX paths:
http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
[4840] 7/1/2012 -- 14:18:44 - (util-ioctl.c:85) <Info> (GetIfaceMTU) -- Failure when trying to get MTU via ioctl: 22
[4840] 7/1/2012 -- 14:18:44 - (detect-pcre.c:128) <Info> (DetectPcreRegister) -- Using PCRE match-limit setting of: 3500
[4840] 7/1/2012 -- 14:18:44 - (detect-pcre.c:138) <Info> (DetectPcreRegister) -- Using PCRE match-limit-recursion setting of: 1500
[4840] 7/1/2012 -- 14:18:44 - (suricata.c:1483) <Info> (main) -- preallocated 50 packets. Total memory 155300
[4840] 7/1/2012 -- 14:18:44 - (flow.c:818) <Info> (FlowInitConfig) -- initializing flow engine...
[4840] 7/1/2012 -- 14:18:44 - (flow.c:911) <Info> (FlowInitConfig) -- allocated 524288 bytes of memory for the flow hash... 65536 buckets of size 8
[4840] 7/1/2012 -- 14:18:44 - (flow.c:931) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 128
[4840] 7/1/2012 -- 14:18:44 - (flow.c:933) <Info> (FlowInitConfig) -- flow memory usage: 1804288 bytes, maximum: 33554432
[4840] 7/1/2012 -- 14:18:44 - (util-magic.c:62) <Info> (MagicInit) -- using magic-file C:\Suricata\magic
[4840] 7/1/2012 -- 14:18:44 - (detect.c:464) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - ERROR opening rule file C:\Suricata\rules/emerging-web.rules: No such file or directory.
[4840] 7/1/2012 -- 14:18:57 - (detect-parse.c:1990) <Error> (DetectEngineAppendSig) -- [ERRCODE: SC_ERR_DUPLICATE_SIG(174)] - Duplicate signature "alert pkthdr any any -> any any (msg:"SURICATA IPv6 wrong IP version"; decode-event:ipv6.wrong_ip_version; sid:2200021; rev:1;)"
[4840] 7/1/2012 -- 14:18:57 - (detect.c:508) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert pkthdr any any -> any any (msg:"SURICATA IPv6 wrong IP version"; decode-event:ipv6.wrong_ip_version; sid:2200021; rev:1;)" from file C:\Suricata\rules/decoder-events.rules at line 25
[4840] 7/1/2012 -- 14:18:57 - (detect.c:643) <Info> (SigLoadSignatures) -- 9 rule files processed. 6424 rules succesfully loaded, 1 rules failed
[4840] 7/1/2012 -- 14:18:59 - (detect.c:2396) <Info> (SigAddressPrepareStage1) -- 6424 signatures processed. 0 are IP-only rules, 1275 are inspecting packet payload, 6160 inspect application layer, 71 are decoder event only
[4840] 7/1/2012 -- 14:18:59 - (detect.c:2399) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
[4840] 7/1/2012 -- 14:18:59 - (detect.c:3023) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... complete
[4840] 7/1/2012 -- 14:18:59 - (detect.c:3616) <Info> (SigAddressPrepareStage3) -- MPM memory 5560503 (dynamic 5560503, ctxs 0, avg per ctx 0)
[4840] 7/1/2012 -- 14:18:59 - (detect.c:3618) <Info> (SigAddressPrepareStage3) -- max sig id 6425, array size 804
[4840] 7/1/2012 -- 14:18:59 - (detect.c:3629) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... complete
[4840] 7/1/2012 -- 14:19:04 - (util-threshold-config.c:135) <Warning> (SCThresholdConfInitContext) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "threshold.config": No such file or directory
[4840] 7/1/2012 -- 14:19:04 - (util-coredump-config.c:114) <Info> (CoredumpLoadConfig) -- Core dump size is unlimited.
[4840] 7/1/2012 -- 14:19:04 - (util-logopenfile.c:164) <Info> (SCConfLogOpenGeneric) -- fast output device (regular) initialized: fast.log
[4840] 7/1/2012 -- 14:19:04 - (util-logopenfile.c:164) <Info> (SCConfLogOpenGeneric) -- http-log output device (regular) initialized: http.log
[4840] 7/1/2012 -- 14:19:04 - (log-httplog.c:439) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized
[4840] 7/1/2012 -- 14:19:04 - (alert-pcapinfo.c:195) <Info> (AlertPcapInfoInitCtx) -- Fast log output initialized, filename: alert-pcapinfo.log
[4840] 7/1/2012 -- 14:19:04 - (log-pcap.c:485) <Info> (PcapLogInitCtx) -- Using log dir C:\Suricata\log
[4840] 7/1/2012 -- 14:19:04 - (log-pcap.c:495) <Info> (PcapLogInitCtx) -- using normal logging
[4840] 7/1/2012 -- 14:19:04 - (util-logopenfile.c:164) <Info> (SCConfLogOpenGeneric) -- alert-debug output device (regular) initialized: alert-debug.log
[4840] 7/1/2012 -- 14:19:04 - (alert-debuglog.c:466) <Info> (AlertDebugLogInitCtx) -- Alert debug log output initialized
[4840] 7/1/2012 -- 14:19:04 - (util-logopenfile.c:164) <Info> (SCConfLogOpenGeneric) -- drop output device (regular) initialized: drop.log
[4840] 7/1/2012 -- 14:19:04 - (log-file.c:474) <Info> (LogFileLogInitCtx) -- forcing magic lookup for stored files
[4840] 7/1/2012 -- 14:19:04 - (log-file.c:488) <Info> (LogFileLogInitCtx) -- storing files in C:\Suricata\log/files
[4840] 7/1/2012 -- 14:19:05 - (runmode-pcap.c:125) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{DD7E8C68-52C7-439D-B3A7-199ABB22A849}, using default value
[6260] 7/1/2012 -- 14:19:05 - (source-pcap.c:344) <Error> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE] - Unable to find Live device
[4840] 7/1/2012 -- 14:19:05 - (runmode-pcap.c:242) <Info> (RunModeIdsPcapAuto) -- RunModeIdsPcapAuto initialised
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:348) <Info> (StreamTcpInitConfig) -- stream "max_sessions": 262144
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:360) <Info> (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:376) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:382) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:388) <Info> (StreamTcpInitConfig) -- stream "async_oneside": disabled
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:405) <Info> (StreamTcpInitConfig) -- stream "checksum_validation": enabled
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:415) <Info> (StreamTcpInitConfig) -- stream."inline": disabled
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:433) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 67108864
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:451) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:492) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver_chunk_size": 2560
[4840] 7/1/2012 -- 14:19:05 - (stream-tcp.c:494) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient_chunk_size": 2560
[4840] 7/1/2012 -- 14:19:05 - (tm-threads.c:1797) <Error> (TmThreadWaitOnThreadInit) -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "ReceivePcap" closed on initialization.
[4840] 7/1/2012 -- 14:19:05 - (suricata.c:1610) <Error> (main) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...

C:\Suricata>

#1

Updated by Victor Julien over 10 years ago

  • Status changed from New to Closed
  • Assignee set to Victor Julien
  • Target version set to 1.2
  • % Done changed from 0 to 100

Fixed in the current git master.

#2

Updated by Fox Edogawa over 2 years ago

Sorry to bother you. I'm also faced with this problem. Do you know how to solve it?

[12656] 25/2/2020 -- 09:07:06 - (detect-parse.c:2310) <Error> (DetectEngineAppendSig) -- [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "alert http any any -> $EXTERNAL_NET any (msg:"hit baidu.com...";content:"baidu"; reference:url, www.baidu.com;)"
[12656] 25/2/2020 -- 09:07:06 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http any any -> $EXTERNAL_NET any (msg:"hit baidu.com...";content:"baidu"; reference:url, www.baidu.com;)" from file local.rules at line 1+
