Support #48
closedaborts with: Error getting context for AlertFastLog. "initdata" argument NULL
Description
Dell Latitude D600 running Ubuntu 9.10 Karmic, up to date
bash$ sudo suricata c suricata.yaml -s signatures.rules -i wlan0 "
Warning: Invalid global_log_level assigned by user. Falling back on the default_log_level "Info"
Warning: Invalid global_log_format supplied by user or format length exceeded limit of "128" characters. Falling back on default log_format "[%i] %t - (%f:%l) <%d> (%n) -
Warning: Output_interface not supplied by user. Falling back on default_output_interface "Console"
[5954] 5/1/2010 -- 16:34:10 - (suricata.c:425) <Info> (main) -- This is Suricata version 0.8.0
[5954] 5/1/2010 -- 16:34:10 - (util-debug.c:1050) <Warning> (SCLogLoadConfig) -- [ERRCODE: SC_UNIMPLEMENTED(56)] - Ignoring unknown logging interface: file
[5954] 5/1/2010 -- 16:34:10 - (counters.c:79) <Error> (SCPerfInitOPCtx) -- [ERRCODE: SC_ERR_FOPEN(24)] - fopen error opening file "/var/log/suricata/stats.log". Resorting to using the standard output for output
[5954] 5/1/2010 -- 16:34:10 - (suricata.c:583) <Info> (main) -- preallocating packets... packet size 88484
[5954] 5/1/2010 -- 16:34:10 - (suricata.c:597) <Info> (main) -- preallocating packets... done: total memory 4424200
[5954] 5/1/2010 -- 16:34:10 - (flow.c:426) <Info> (FlowInitConfig) -- initializing flow engine...
[5954] 5/1/2010 -- 16:34:10 - (flow.c:468) <Info> (FlowInitConfig) -- allocated 1835008 bytes of memory for the flow hash... 65536 buckets of size 28
[5954] 5/1/2010 -- 16:34:10 - (flow.c:482) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 140
[5954] 5/1/2010 -- 16:34:10 - (flow.c:484) <Info> (FlowInitConfig) -- flow memory usage: 1835008 bytes, maximum: 33554432
...
[5954] 5/1/2010 -- 16:34:52 - (detect.c:2555) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... done
[5955] 5/1/2010 -- 16:34:52 - (source-pcap.c:175) <Info> (ReceivePcapThreadInit) -- using interface wlan0
[5964] 5/1/2010 -- 16:34:52 - (alert-fastlog.c:171) <Error> (AlertFastlogThreadInit) -- [ERRCODE: SC_ERR_FAST_LOG_GENERIC_ERROR(58)] - Error getting context for AlertFastLog. "initdata" argument NULL
[5965] 5/1/2010 -- 16:34:52 - (alert-unified-log.c:224) <Error> (AlertUnifiedLogThreadInit) -- [ERRCODE: SC_ERR_UNIFIED_LOG_GENERIC_ERROR(60)] - Error getting context for UnifiedLog. "initdata" argument NULL
[5966] 5/1/2010 -- 16:34:52 - (alert-unified2-alert.c:495) <Error> (Unified2AlertThreadInit) -- [ERRCODE: SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR(63)] - Error getting context for Unified2Alert. "initdata" argument NULL
[5967] 5/1/2010 -- 16:34:52 - (alert-debuglog.c:198) <Error> (AlertDebuglogThreadInit) -- [ERRCODE: SC_ERR_DEBUG_LOG_GENERIC_ERROR(59)] - Error getting context for DebugLog. "initdata" argument NULL
Thread "AlertFastlog&Httplog" closed on initialization...
ERROR: Engine initialization failed, aborting...
Updated by Peter Schmidt over 14 years ago
This went away after I did:
bash$ sudo mkdir /var/log/suricata
Shouldn't the make install create the /var and /etc dirs?
Updated by Will Metcalf over 14 years ago
- Status changed from New to Closed
- Assignee set to OISF Dev
- Target version set to 0.8.1
We will leave creating the dirs for logs and config files as an exercise for the user. Perhaps if we create rpms and debs we will make part of the package installation process. The code currently in the git repo is now more clear regarding the real issue when the log dir is missing.
Warning: Invalid global_log_level assigned by user. Falling back on the default_log_level "Info"
Warning: Invalid global_log_format supplied by user or format length exceeded limit of "128" characters. Falling back on default log_format "[%i] %t - (%f:%l) <%d> (%n) -- "
Warning: Output_interface not supplied by user. Falling back on default_output_interface "Console"
[100067] 7/1/2010 -- 23:27:28 - (suricata.c:446) <Info> (main) -- This is Suricata version 0.8.0
[100067] 7/1/2010 -- 23:27:28 - (suricata.c:476) <Error> (main) -- [ERRCODE: SC_ERR_LOGDIR_CONFIG(77)] - The logging directory "/var/log/suricata" supplied by suricata.yaml (default-log-dir) doesn't exist. Shutting down the engine