Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Suricata not starting
976 views
Skip to first unread message
Timothy M Butterworth
Mar 10, 2023, 1:50:06 PM3/10/23
to
Is anyone else having problems getting suricata to start?
sudo systemctl status suricata
× suricata.service - Suricata IDS/IDP daemon
Loaded: loaded (/lib/systemd/system/suricata.service; disabled; preset: enabled)
Active: failed (Result: exit-code) since Fri 2023-03-10 13:43:33 EST; 3s ago
Duration: 187ms
Docs: man:suricata(8)
man:suricatasc(8)
https://suricata-ids.org/docs/
Process: 375274 ExecStart=/usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid (code=exited, status=0/SUCCESS)
Main PID: 375279 (code=exited, status=1/FAILURE)
CPU: 206ms
Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Scheduled restart job, restart counter is at 5.
Mar 10 13:43:33 debian-testing systemd[1]: Stopped suricata.service - Suricata IDS/IDP daemon.
Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Start request repeated too quickly.
Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Failed with result 'exit-code'.
Mar 10 13:43:33 debian-testing systemd[1]: Failed to start suricata.service - Suricata IDS/IDP daemon.
-- × suricata.service - Suricata IDS/IDP daemon
Loaded: loaded (/lib/systemd/system/suricata.service; disabled; preset: enabled)
Active: failed (Result: exit-code) since Fri 2023-03-10 13:43:33 EST; 3s ago
Duration: 187ms
Docs: man:suricata(8)
man:suricatasc(8)
https://suricata-ids.org/docs/
Process: 375274 ExecStart=/usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid (code=exited, status=0/SUCCESS)
Main PID: 375279 (code=exited, status=1/FAILURE)
CPU: 206ms
Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Scheduled restart job, restart counter is at 5.
Mar 10 13:43:33 debian-testing systemd[1]: Stopped suricata.service - Suricata IDS/IDP daemon.
Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Start request repeated too quickly.
Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Failed with result 'exit-code'.
Mar 10 13:43:33 debian-testing systemd[1]: Failed to start suricata.service - Suricata IDS/IDP daemon.
Dan Ritter
Mar 10, 2023, 2:30:06 PM3/10/23
to
Timothy M Butterworth wrote:
> Is anyone else having problems getting suricata to start?
>
> Is anyone else having problems getting suricata to start?
>
> Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Scheduled
> restart job, restart counter is at 5.
> Mar 10 13:43:33 debian-testing systemd[1]: Stopped suricata.service -
> Suricata IDS/IDP daemon.
> Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Start request
> repeated too quickly.
> Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Failed with
> result 'exit-code'.
> Mar 10 13:43:33 debian-testing systemd[1]: Failed to start suricata.service
> - Suricata IDS/IDP daemon.
What happens when you run the daemon by hand?
> restart job, restart counter is at 5.
> Mar 10 13:43:33 debian-testing systemd[1]: Stopped suricata.service -
> Suricata IDS/IDP daemon.
> Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Start request
> repeated too quickly.
> Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Failed with
> result 'exit-code'.
> Mar 10 13:43:33 debian-testing systemd[1]: Failed to start suricata.service
> - Suricata IDS/IDP daemon.
-dsr-
Timothy M Butterworth
Mar 10, 2023, 4:20:06 PM3/10/23
to
Error opening file /var/log/suricata//suricata.log
10/3/2023 -- 16:08:51 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
10/3/2023 -- 16:08:51 - <Error> - [ERRCODE: SC_ERR_LOGDIR_CONFIG(116)] - The logging directory "/var/log/suricata/" supplied by /etc/suricata/suricata.yaml (default-log-dir) is not writable. Shutting down the engine
Timothy M Butterworth
Mar 10, 2023, 4:20:06 PM3/10/23
to
I adjusted the permissions on the logging directory: sudo chmod -R 774 /etc/suricata/ and sudo chmod -R 774 /var/log/suricata/
It now starts.
10/3/2023 -- 16:15:16 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
10/3/2023 -- 16:15:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/suricata.rules
10/3/2023 -- 16:15:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern signatures.rules
10/3/2023 -- 16:15:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 2 rule files specified, but no rules were loaded!
10/3/2023 -- 16:15:16 - <Notice> - all 8 packet processing threads, 4 management threads initialized, engine started.
10/3/2023 -- 16:15:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/suricata.rules
10/3/2023 -- 16:15:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern signatures.rules
10/3/2023 -- 16:15:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 2 rule files specified, but no rules were loaded!
10/3/2023 -- 16:15:16 - <Notice> - all 8 packet processing threads, 4 management threads initialized, engine started.
thanks
Tim
Dan Ritter
Mar 10, 2023, 4:40:07 PM3/10/23
to
You can create and permission the directory appropriately, or
change the config.
-dsr-
0 new messages