Support #5169
closed
windows 10 ERRCODE: SC_ERR_CONF_YAML_ERROR(242)
Description
Hi, this continues to say "Failed to parse configuration file at line 24: did not find expected key".
But what key?
How do I find line 24?
"
types:
- alert:
# payload: yes # enable dumping payload in Base64
# payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
# payload-printable: yes # enable dumping payload in printable (lossy) format
# packet: yes # enable dumping of packet (without stream segments)
# metadata: no # enable inclusion of app layer metadata with alert. Default yes
# http-body: yes # Requires metadata; enable dumping of HTTP body in Base64
# http-body-printable: yes # Requires metadata; enable dumping of HTTP body in printable format
- Enable the logging of tagged packets for rules using the
# "tag" keyword.
tagged-packets: yes
"
This is my suricata.yaml section I think it is looking at:
thanks for any advice or suggestions
Updated by Jason Ish about 2 years ago
- Priority changed from High to Normal
How are you starting Suricata? A typical default install will load the configuration file at /etc/suricata/suricata.yaml
but this could be different based on how Suricata was installed. Hopefully the error is clear when you look at or around line 24. If not, you might have to upload the configuration file here for more help.
Updated by Jason Ish about 2 years ago
Being YAML, the indentation matters. You’ll have to include the contents up to here as well as preformatted text or upload the file.
Also if you can, revert to the default file then re-apply your edits keeping in mind that indentation matters.
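For the "how do I find line 24" question and the indentation advice above, an added example (not part of the original thread and not Suricata code): a standard-library Python helper that shows the lines around a reported line number with indentation widths and tabs made visible, and flags tab or misaligned indentation. The sample config and the function names `context` and `suspects` are constructed for illustration, and the dedent check is a heuristic, not a YAML parser.

```python
# Constructed sample, not the poster's file: an eve-log section with one
# misaligned key (line 8) and one tab-indented key (line 10).
SAMPLE = "\n".join([
    "outputs:",
    "  - eve-log:",
    "      enabled: yes",
    "      types:",
    "        - alert:",
    "            # payload: yes",
    "            metadata: no",
    "           tagged-packets: yes",
    "        - http:",
    "\t    extended: yes",
])

def context(text, line_no, radius=2):
    """Lines around line_no as 'N [indent] text', with tabs made visible."""
    lines = text.splitlines()
    lo, hi = max(1, line_no - radius), min(len(lines), line_no + radius)
    out = []
    for n in range(lo, hi + 1):
        raw = lines[n - 1]
        lead = raw[: len(raw) - len(raw.lstrip(" \t"))]
        out.append(f"{n:>4} [{len(lead):>2}] {raw.replace(chr(9), '<TAB>')}")
    return out

def suspects(text):
    """Heuristic: lines indented with a tab, or dedented to a column that no
    enclosing block opened. Comments and blank lines are skipped."""
    flagged, levels = [], [0]
    for n, raw in enumerate(text.splitlines(), 1):
        body = raw.lstrip(" \t")
        if not body or body.startswith("#"):
            continue
        lead = raw[: len(raw) - len(body)]
        if "\t" in lead:
            flagged.append((n, "tab in indentation"))
            continue
        col, popped = len(lead), False
        while levels[-1] > col:
            levels.pop()
            popped = True
        if levels[-1] < col:
            if popped:
                flagged.append((n, "dedent to unopened column"))
            levels.append(col)
        if body.startswith("- "):
            levels.append(col + 2)  # keys after "- " sit two columns in
    return flagged
```

To use it on a real file, read the file's text and pass it with the line number from the error message, for example `context(text, 24)`.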
Updated by david simmons about 2 years ago
Sorry, I should mention this Suricata is being installed on Windows 10.
Updated by david simmons about 2 years ago
- Subject changed from ERRCODE: SC_ERR_CONF_YAML_ERROR(242) to windows 10 ERRCODE: SC_ERR_CONF_YAML_ERROR(242)
Updated by Jason Ish about 2 years ago
david simmons wrote in #note-4:
Sorry, I should mention this Suricata is being installed on Windows 10.
If you still need help, you'll need to post your suricata.yaml.
Updated by david simmons about 2 years ago
Thanks Jason, I took your advice and started with the original yaml and made my changes again, watching out for the indentation. I believe it worked because now I am getting rule errors, but that's ok, I found any of them and downloaded them. And I get
" all 9 packet processing threads, 4 management threads initialized, engine started. "
Now I just need to get the GUI, I am thinking.
So, thanks again!!
Updated by Philippe Antoine almost 2 years ago
- Status changed from New to Closed
Looks like this is ok
Feel free to reopen at https://forum.suricata.io if needed