Hi
I had checked the same, but it's for NFQueue, and I have installed Suricata with PF_RING; I think both are different.
[root@localhost ~]# /opt/PF_RING/bin/suricata --build-info
This is Suricata version 1.4.1 RELEASE
Features: LIBPCAP_VERSION_MAJOR=0 PF_RING HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW
64-bits, Little-endian architecture
GCC version 4.1.2 20080704 (Red Hat 4.1.2-54), C version 199901
compiled with libhtp 0.2.12, linked against 0.2.12
Suricata Configuration:
AF_PACKET support: no
PF_RING support: yes
NFQueue support: no
IPFW support: no
DAG enabled: no
Napatech enabled: no
Unix socket enabled: no
libnss support: no
libnspr support: no
libjansson support: no
Prelude support: no
PCRE jit: no
libluajit: no
libgeoip: no
Non-bundled htp: no
Old barnyard2 support: no
CUDA enabled: no
Suricatasc install: yes
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Profiling enabled: no
Profiling locks enabled: no
Generic build parameters:
Installation prefix (--prefix): /opt/PF_RING
Configuration directory (--sysconfdir): /opt/PF_RING/etc/suricata/
Log directory (--localstatedir) : /opt/PF_RING/var/log/suricata/
Host: x86_64-unknown-linux-gnu
GCC binary: gcc
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Then run the below command to start Suricata:
/opt/PF_RING/bin/suricata -c /etc/suricata/suricata.yaml -i eth0
24/4/2013 -- 19:48:46 - <Info> - This is Suricata version 1.4.1 RELEASE
24/4/2013 -- 19:48:46 - <Info> - CPUs/cores online: 1
24/4/2013 -- 19:48:46 - <Info> - Found an MTU of 1500 for 'eth0'
24/4/2013 -- 19:48:46 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
24/4/2013 -- 19:48:46 - <Info> - preallocated 65535 defrag trackers of size 152
24/4/2013 -- 19:48:46 - <Info> - defrag memory usage: 13631336 bytes, maximum: 33554432
24/4/2013 -- 19:48:46 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
24/4/2013 -- 19:48:46 - <Info> - preallocated 1024 packets. Total memory 4362240
24/4/2013 -- 19:48:46 - <Info> - allocated 229376 bytes of memory for the host hash... 4096 buckets of size 56
24/4/2013 -- 19:48:46 - <Info> - preallocated 1000 hosts of size 128
24/4/2013 -- 19:48:46 - <Info> - host memory usage: 357376 bytes, maximum: 16777216
24/4/2013 -- 19:48:46 - <Info> - allocated 3670016 bytes of memory for the flow hash... 65536 buckets of size 56
24/4/2013 -- 19:48:46 - <Info> - preallocated 10000 flows of size 280
24/4/2013 -- 19:48:46 - <Info> - flow memory usage: 6470016 bytes, maximum: 33554432
24/4/2013 -- 19:48:46 - <Info> - IP reputation disabled
24/4/2013 -- 19:48:46 - <Info> - using magic-file /usr/share/file/magic
24/4/2013 -- 19:48:46 - <Info> - Delayed detect disabled
24/4/2013 -- 19:48:46 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules
24/4/2013 -- 19:48:50 - <Info> - 48 rule files processed. 13034 rules successfully loaded, 0 rules failed
24/4/2013 -- 19:49:12 - <Info> - 13042 signatures processed. 733 are IP-only rules, 4054 are inspecting packet payload, 9962 inspect application layer, 83 are decoder event only
24/4/2013 -- 19:49:12 - <Info> - building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
24/4/2013 -- 19:49:13 - <Info> - building signature grouping structure, stage 2: building source address list... complete
24/4/2013 -- 19:49:16 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
24/4/2013 -- 19:49:17 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/opt/PF_RING/etc/suricata//threshold.config": No such file or directory
24/4/2013 -- 19:49:17 - <Info> - Core dump size set to unlimited.
24/4/2013 -- 19:49:17 - <Info> - fast output device (regular) initialized: fast.log
24/4/2013 -- 19:49:17 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
24/4/2013 -- 19:49:17 - <Info> - http-log output device (regular) initialized: http.log
24/4/2013 -- 19:49:17 - <Info> - Using 1 live device(s).
24/4/2013 -- 19:49:17 - <Info> - using interface eth0
24/4/2013 -- 19:49:17 - <Info> - Found an MTU of 1500 for 'eth0'
24/4/2013 -- 19:49:17 - <Info> - RunModeIdsPcapAutoFp initialised
4/4/2013 -- 19:49:17 - <Info> - stream "max-sessions": 262144
24/4/2013 -- 19:49:17 - <Info> - stream "prealloc-sessions": 32768
24/4/2013 -- 19:49:17 - <Info> - stream "memcap": 33554432
24/4/2013 -- 19:49:17 - <Info> - stream "midstream" session pickups: disabled
24/4/2013 -- 19:49:17 - <Info> - stream "async-oneside": disabled
24/4/2013 -- 19:49:17 - <Info> - stream "checksum-validation": enabled
24/4/2013 -- 19:49:17 - <Info> - stream."inline": disabled
24/4/2013 -- 19:49:17 - <Info> - stream.reassembly "memcap": 67108864
24/4/2013 -- 19:49:17 - <Info> - stream.reassembly "depth": 1048576
24/4/2013 -- 19:49:17 - <Info> - stream.reassembly "toserver-chunk-size": 2560
24/4/2013 -- 19:49:17 - <Info> - stream.reassembly "toclient-chunk-size": 2560
24/4/2013 -- 19:49:18 - <Info> - all 2 packet processing threads, 3 management threads initialized, engine started.
The above command shows that rules are loaded, but I was not able to integrate with the firewall.
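
Added example, not part of the original post: a small Python check that reads output in the shape of the --build-info and startup log quoted above and reports which capture methods are compiled in, which run mode the engine selected, and which warnings it logged. The sample text is constructed from the quoted output; the function names and the INLINE_CAPABLE list (NFQueue, IPFW and AF_PACKET as the methods that can run inline) are assumptions of this example.

```python
import re

# Constructed sample, in the shape of the output quoted in the post above.
BUILD_INFO = """\
AF_PACKET support: no
PF_RING support: yes
NFQueue support: no
IPFW support: no
"""
STARTUP_LOG = """\
24/4/2013 -- 19:48:46 - <Info> - IP reputation disabled
24/4/2013 -- 19:48:46 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules
24/4/2013 -- 19:49:17 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/opt/PF_RING/etc/suricata//threshold.config": No such file or directory
24/4/2013 -- 19:49:17 - <Info> - RunModeIdsPcapAutoFp initialised
"""

# Assumption of this example: capture methods that can run Suricata inline.
INLINE_CAPABLE = ("NFQueue", "IPFW", "AF_PACKET")

def parse_support(build_info):
    """Return {feature: bool} for every '<name> support: yes|no' line."""
    pairs = re.findall(r"^\s*(\S+) support:\s*(yes|no)\s*$", build_info, re.M)
    return {name: value == "yes" for name, value in pairs}

def inline_methods(support):
    """List the inline-capable capture methods this build was compiled with."""
    return [m for m in INLINE_CAPABLE if support.get(m)]

def startup_issues(log):
    """Return (level, error code, message) for each Warning/Error line."""
    pat = re.compile(r"<(Warning|Error)> - \[ERRCODE: (\w+)\(\d+\)\]\s*-\s*(.*)")
    return [m.groups() for m in map(pat.search, log.splitlines()) if m]

def run_mode(log):
    """Return the run mode name the engine reports at startup, if any."""
    m = re.search(r"(RunMode\w+) initialised", log)
    return m.group(1) if m else None

if __name__ == "__main__":
    support = parse_support(BUILD_INFO)
    print("compiled in:", [k for k, v in support.items() if v])
    print("inline-capable methods:", inline_methods(support) or "none")
    print("run mode:", run_mode(STARTUP_LOG))
    for level, code, msg in startup_issues(STARTUP_LOG):
        print(f"{level}: {code}: {msg}")
```

To use it on a live system, pass in the captured text of `suricata --build-info` and of the startup log instead of the constructed samples.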