Hi
pathakvsaurabh:
I hope you are fine.
Unfortunately with this cut image we cannot see what's going on there. Please, execute this command and send the result in text format to have more details:
# systemctl status suricata -l
However, usually the problem when we start Suricata for the first time is that the network interface name is set with a different name than your system's interface. First, check your interface name:
# nmcli con show
Then replace it with the name of your interface in the three places where the network interface appears in the following Suricata config file:
# vi /etc/suricata/suricata.yaml
...
af-packet:
- interface: <your_interface_name>
...
pfring:
- interface: <your_interface_name>
...
pcap:
- interface: <your_interface_name>
...
And also replace it in the following config file:
# vi /etc/sysconfig/suricata
...
# Add options to be passed to the daemon
OPTIONS="-i <your_interface_name> --user suricata "
Once you finish this, restart your Suricata service and check the status again:
# systemctl restart suricata
I hope this helps.
Thanks
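
An added example, not part of the original reply: a small POSIX shell check that lists interface names still referenced in the two files above but absent from the host, so a leftover entry is caught before the restart. The function names and the sample files are constructed for illustration; `default` is skipped because it is Suricata's per-section template entry, not a device.

```shell
#!/bin/sh
# Added example: find interface names in the Suricata config files that do
# not exist on the host. Function names are hypothetical.

# Print every active "- interface: NAME" value in a suricata.yaml-style file.
yaml_ifaces() {
    sed -n 's/^[[:space:]]*-[[:space:]]*interface:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1"
}

# Print each argument that follows -i on the OPTIONS= line of the sysconfig file.
sysconfig_ifaces() (
    prev=""
    for w in $(grep '^OPTIONS=' "$1" | tail -n 1 | sed 's/^OPTIONS=//' | tr -d '"'); do
        if [ "$prev" = "-i" ]; then echo "$w"; fi
        prev=$w
    done
)

# $1: space-separated host interfaces, $2: suricata.yaml, $3: sysconfig file.
# Prints each configured name that is missing from $1.
missing_ifaces() (
    known=" $1 "
    { yaml_ifaces "$2"; sysconfig_ifaces "$3"; } | sort -u | while read -r name; do
        case "$name" in default|"") continue ;; esac
        case "$known" in *" $name "*) ;; *) echo "$name" ;; esac
    done
)

# Constructed sample files: pcap and OPTIONS were left pointing at eth0.
demo=$(mktemp -d)
cat > "$demo/suricata.yaml" <<'EOF'
af-packet:
  - interface: ens33
  - interface: default
pfring:
  - interface: ens33
pcap:
  - interface: eth0
  #- interface: eth9
EOF
echo 'OPTIONS="-i eth0 --user suricata "' > "$demo/sysconfig"

# On a real host, pass "$(ls /sys/class/net | tr '\n' ' ')" and the real paths.
missing=$(missing_ifaces "lo ens33" "$demo/suricata.yaml" "$demo/sysconfig")
echo "configured but not present on host: $missing"
```
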