What do you mean by it not working? What specific issues are you experiencing?
From your sostat, it looks like Suricata is failing to run as it should, and it looks like it may be related to PF_RING:
grep: /proc/net/pf_ring/*-*: No such file or directory
grep: /proc/net/pf_ring/*-*: No such file or directory
grep: /proc/net/pf_ring/*-*: No such file or directory
I also only see one interface (eth0). If this is a standalone, I would expect to see two interfaces.
What is the output of the following?
sudo more /etc/nsm/sensortab
Is the second interface (the one to be used for sniffing) configured?
You may want to try re-running setup to configure an appropriate sniffing interface.
If you are still having issues after doing so, please provide output of the following:
uname -a
sudo apt-get install --reinstall securityonion-pfring-module
sudo soup
Thanks,
Wes
Ok. I fresh installed and ran for 15 days and all went very well. Very pleased. I ran "sudo soup" today and did a complete update. My system now doesn't work again. When I run sostat-quick there are no rules, and I did the rule-update and reinstalled the securityonion-pfring-module. I still have 0 rules. The only way it works on this machine is to NOT update. I am also getting a warning on the software updater telling me the HWE reached end-of-life on 2016-08-04. SOUP doesn't address this issue. I have not applied the HWE patch from Ubuntu. I did include the info you requested in a txt file.
So we can get a little bit more information about your current setup, could you please attach the output of sostat-redacted?
Thanks,
Wes