Support #4521

open

What's wrong with my Suricata installation?

Added by zhang xx 4 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

I installed Suricata and it runs fine, but there are no alerts at all after my installation.

suricata-config

```
[root@oracle7 suricata-6.0.2]# /opt/suricata/bin/suricata --build-info
This is Suricata version 6.0.2 RELEASE
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON PROFILING TLS TLS_GNU RUST
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.8.5 20150623 (Red Hat 4.8.5-44.0.3), C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.37, linked against LibHTP v0.5.37

Suricata Configuration:
AF_PACKET support: yes
eBPF support: no
XDP support: no
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no

Unix socket enabled:                     yes
Detection enabled: yes
Libmagic support:                        no
libnss support: yes
libnspr support: yes
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
Prelude support: no
PCRE jit: yes
LUA support: yes, through luajit
libluajit: yes
GeoIP2 support: no
Non-bundled htp: no
Hyperscan support: yes
Libnet support: yes
liblz4 support: no
Rust support:                            yes
Rust strict mode: no
Rust compiler path: /root/.cargo/bin/rustc
Rust compiler version: rustc 1.52.1 (9bc8c42bb 2021-05-09)
Cargo path: /root/.cargo/bin/cargo
Cargo version: cargo 1.52.0 (69767412a 2021-04-21)
Cargo vendor: yes
Python support:                          yes
Python path: /usr/bin/python3
Python distutils yes
Python yaml yes
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: yes
Profiling enabled:                       yes
Profiling locks enabled: no
Plugin support (experimental):           yes

Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no

Generic build parameters:
Installation prefix: /opt/suricata
Configuration directory: /opt/suricata/etc/suricata/
Log directory: /opt/suricata/var/log/suricata/

--prefix                                 /opt/suricata
--sysconfdir /opt/suricata/etc
--localstatedir /opt/suricata/var
--datarootdir /opt/suricata/share
Host:                                    x86_64-pc-linux-gnu
Compiler: gcc (exec name) / g++ (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -std=gnu99 -march=native -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist
PCAP_CFLAGS -I/usr/local/include
SECCFLAGS

```

I built it on Oracle Linux 7; what is wrong with my setup? No events with event_type alert are produced, even
`curl -A - http://www.xxxx.com` produces nothing, but in another environment I built 3 years ago it worked well.


Files

suricata-6.0.2-ol7-bin.tar.gz (20.4 MB), oracle linux 7 build (centos7 maybe can run), zhang xx, 06/09/2021 08:09 AM
#1

Updated by Jason Ish 4 months ago

How are you starting Suricata? Did you run Suricata-Update to update your rules? Are you seeing events other than alerts?
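As an added diagnostic example (not from this thread or the Suricata project), the script below triages the questions above: it counts the event types in an eve.json excerpt and checks the rule-load summary line in suricata.log. Both inputs are constructed samples, and the output file names and log line format are assumptions in the comments.

```python
import json
import re
from collections import Counter

# Constructed eve.json excerpt (one JSON object per line), not from the reporter's system.
# A sensor that sees traffic normally writes flow/http/dns records; "alert" records appear
# only when detection matches a loaded rule.
SAMPLE_EVE = """\
{"timestamp":"2021-06-09T08:00:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","proto":"TCP"}
{"timestamp":"2021-06-09T08:00:01.100000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","http":{"hostname":"www.example.com","http_user_agent":"-"}}
{"timestamp":"2021-06-09T08:00:01.200000+0000","event_type":"stats","stats":{"uptime":120}}
"""

# Constructed suricata.log line in the format Suricata prints after rule loading (assumed).
SAMPLE_LOG = "9/6/2021 -- 08:00:00 - <Info> - 1 rule files processed. 25230 rules successfully loaded, 0 rules failed\n"

RULE_SUMMARY = re.compile(r"(\d+) rules successfully loaded, (\d+) rules failed")


def count_event_types(eve_text):
    """Count event_type values over EVE JSON lines, tallying malformed lines separately."""
    counts = Counter()
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        try:
            counts[json.loads(line).get("event_type", "<missing>")] += 1
        except json.JSONDecodeError:
            counts["<unparseable>"] += 1
    return counts


def rules_loaded(log_text):
    """Return (loaded, failed) from the rule-load summary line, or None if it is absent."""
    match = RULE_SUMMARY.search(log_text)
    return (int(match.group(1)), int(match.group(2))) if match else None


def diagnose(counts):
    """Map the observed mix of event types to the most likely reason alerts are missing."""
    if not counts:
        return "no events at all: Suricata is not seeing traffic or is not writing eve.json"
    if counts.get("alert", 0) > 0:
        return "alerts present: detection is working"
    if set(counts) <= {"stats"}:
        return "only stats: no traffic is reaching the capture interface"
    return "traffic logged but no alerts: check rule loading in suricata.log and the rule set"


if __name__ == "__main__":
    print(count_event_types(SAMPLE_EVE), diagnose(count_event_types(SAMPLE_EVE)), rules_loaded(SAMPLE_LOG))
```

Run it against the real files by reading /opt/suricata/var/log/suricata/eve.json and suricata.log into the two functions; a result of 0 rules loaded or "only stats" points at the rule path or the capture interface rather than at detection itself.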

#2

Updated by Jason Ish 4 months ago

  • Tracker changed from Bug to Support
  • Target version deleted (6.0.2)
  • Difficulty deleted (low)
#3

Updated by zhang xx 3 months ago

Jason Ish wrote in #note-1:

How are you starting Suricata? Did you run Suricata-Update to update your rules? Are you seeing events other than alerts?

All rules are loaded from suricata-rule, which can be seen in `suricata.log`, and the suricata-rule path is set in suricata.yaml.

#4

Updated by Andreas Herz 3 months ago

Please provide your Suricata config file and the exact command line used to run Suricata, ideally some suricata.log output as well.
