Bug #624
closed
Latest git not starting in daemon mode
Description
Hi,
Starting Suricata like:
sudo /usr/local/bin/suricata -c /etc/suricata/regit-yaml/suricata-20120912.yaml --af-packet=eth3 -D
Then in the suricata.log file:
[15253] 11/11/2012 -- 15:44:23 - (defrag-hash.c:203) <Info> (DefragInitConfig) -- allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
[15253] 11/11/2012 -- 15:44:23 - (defrag-hash.c:228) <Info> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 144
[15253] 11/11/2012 -- 15:44:23 - (defrag-hash.c:235) <Info> (DefragInitConfig) -- defrag memory usage: 9666416 bytes, maximum: 16777216
[15253] 11/11/2012 -- 15:44:23 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow load balancer
[15254] 11/11/2012 -- 15:44:23 - (util-pidfile.c:56) <Error> (SCPidfileCreate) -- [ERRCODE: SC_ERR_PIDFILE_OPEN(152)] - unable to set pidfile: No such file or directory
This is with the latest git -
suricata --build-info
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:540) <Info> (SCPrintBuildInfo) -- This is Suricata version 1.4dev (rev 7293040)
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:613) <Info> (SCPrintBuildInfo) -- Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW HAVE_NSS
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:627) <Info> (SCPrintBuildInfo) -- 64-bits, Little-endian architecture
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:629) <Info> (SCPrintBuildInfo) -- GCC version 4.6.3, C version 199901
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:635) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:638) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:641) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:644) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:647) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:651) <Info> (SCPrintBuildInfo) -- compiled with -fstack-protector
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:657) <Info> (SCPrintBuildInfo) -- compiled with _FORTIFY_SOURCE=2
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:660) <Info> (SCPrintBuildInfo) -- compiled with libhtp 0.2.10, linked against 0.2.10
If I use this startup command instead:
sudo /usr/local/bin/suricata -c /etc/suricata/regit-yaml/suricata-20120912.yaml --af-packet=eth3
aka no daemon mode - it starts fine.
On an earlier git version:
suricata --build-info
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:540) <Info> (SCPrintBuildInfo) -- This is Suricata version 1.4dev (rev 02874a1)
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:613) <Info> (SCPrintBuildInfo) -- Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW HAVE_NSS
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:627) <Info> (SCPrintBuildInfo) -- 64-bits, Little-endian architecture
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:629) <Info> (SCPrintBuildInfo) -- GCC version 4.6.3, C version 199901
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:635) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:638) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:641) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:644) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:647) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:651) <Info> (SCPrintBuildInfo) -- compiled with -fstack-protector
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:657) <Info> (SCPrintBuildInfo) -- compiled with _FORTIFY_SOURCE=2
Both commands:
sudo /usr/local/bin/suricata -c /etc/suricata/regit-yaml/suricata-20120912.yaml --af-packet=eth3
sudo /usr/local/bin/suricata -c /etc/suricata/regit-yaml/suricata-20120912.yaml --af-packet=eth3 -D
work fine
The configure line is:
./configure --enable-pfring --with-libpfring-includes=/usr/local/pfring/include \
  --with-libpfring-libraries=/usr/local/pfring/lib \
  --with-libpcap-includes=/usr/local/pfring/include \
  --with-libpcap-libraries=/usr/local/pfring/lib \
  --with-libnss-libraries=/usr/lib \
  --with-libnss-includes=/usr/include/nss/ \
  --with-libnspr-libraries=/usr/lib \
  --with-libnspr-includes=/usr/include/nspr
Thanks
Updated by Victor Julien about 12 years ago
- Status changed from New to Assigned
- Assignee set to Eric Leblond
- Target version set to 1.4beta3
Updated by Eric Leblond about 12 years ago
This problem is linked with the latest daemon change. I propose the following:
- verbose error in ERROR mode but no exit
- second error message telling that no pid file will be disabled in 1.5 release.
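
The behaviour proposed in the comment above (report the pidfile error, then keep starting), as an added C example; it is not Suricata's code and is not taken from the linked pull requests. The function names and both paths are assumptions made for illustration.

```c
/* Added example: hypothetical helper names, not Suricata's own code. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write the current PID to `path`. Returns 0 on success, or -1 with errno
 * preserved (ENOENT when the parent directory does not exist). */
static int pidfile_create(const char *path)
{
    char buf[32];
    int len = snprintf(buf, sizeof(buf), "%ld\n", (long)getpid());
    int fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0644);
    if (fd < 0) {
        int saved = errno; /* fprintf may clobber errno */
        fprintf(stderr, "Error: unable to set pidfile '%s': %s\n", path, strerror(saved));
        errno = saved;
        return -1;
    }
    ssize_t written = write(fd, buf, (size_t)len);
    int err = (written == (ssize_t)len) ? 0 : (written < 0 ? errno : EIO);
    close(fd);
    if (err != 0) {
        unlink(path); /* do not leave a truncated pidfile behind */
        errno = err;
        return -1;
    }
    return 0;
}

/* Start-up policy: a pidfile failure is reported loudly but is not fatal.
 * Returns 1 if the pidfile was written, 0 if start-up continues without one. */
static int daemon_setup_pidfile(const char *path)
{
    if (pidfile_create(path) == 0)
        return 1;
    fprintf(stderr, "Warning: continuing without a pidfile\n");
    return 0;
}

int main(void)
{
    /* Constructed paths: the first directory is assumed not to exist. */
    daemon_setup_pidfile("/nonexistent-dir-example/suricata.pid");
    daemon_setup_pidfile("/tmp/example-suricata.pid");
    unlink("/tmp/example-suricata.pid");
    return 0;
}
```

A sensor that dies silently at start-up leaves traffic unmonitored, so a missing pidfile directory is treated here as a logged error rather than a reason to exit.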
Updated by Eric Leblond about 12 years ago
- % Done changed from 0 to 80
Fixed by PR on github: https://github.com/inliniac/suricata/pull/193
Updated by Victor Julien about 12 years ago
- Status changed from Assigned to Closed
- % Done changed from 80 to 100
Merged https://github.com/inliniac/suricata/pull/200, thanks Eric!