E: af-packet: eth0: failed to find interface: No such device

Help
,
1

Please include the following information with your help request:

  • Suricata version :7.0.8
  • Operating system and/or Linux distribution : Centos7
  • How you installed Suricata (from source, packages, something else) : yum install suricata

hello

i got this problem on my centos7

[root@cahyo ~]# systemctl start suricata
[root@cahyo ~]# systemctl status suricata -l
● suricata.service - Suricata Intrusion Detection Service
Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2025-03-14 21:16:13 WIB; 3s ago
Docs: man:suricata(1)
Process: 1598 ExecStart=/sbin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid $OPTIONS (code=exited, status=1/FAILURE)
Process: 1596 ExecStartPre=/bin/rm -f /var/run/suricata.pid (code=exited, status=0/SUCCESS)
Main PID: 1598 (code=exited, status=1/FAILURE)

Mar 14 21:16:13 cahyo suricata[1598]: W: ioctl: Failure when trying to get MTU via ioctl for ‘eth0’: No such device (19)
Mar 14 21:16:13 cahyo suricata[1598]: W: output-json-alert: Found deprecated eve-log.alert flag “tls”, this flag has no effect
Mar 14 21:16:13 cahyo suricata[1598]: W: output-json-alert: Found deprecated eve-log.alert flag “ssh”, this flag has no effect
Mar 14 21:16:13 cahyo suricata[1598]: E: af-packet: eth0: failed to find interface type: No such device
Mar 14 21:16:13 cahyo suricata[1598]: E: af-packet: eth0: failed to find interface: No such device
Mar 14 21:16:13 cahyo suricata[1598]: E: af-packet: eth0: failed to init socket for interface
Mar 14 21:16:13 cahyo suricata[1598]: E: threads: thread “W#01-eth0” failed to start: flags 0423
Mar 14 21:16:13 cahyo systemd[1]: suricata.service: main process exited, code=exited, status=1/FAILURE
Mar 14 21:16:13 cahyo systemd[1]: Unit suricata.service entered failed state.
Mar 14 21:16:13 cahyo systemd[1]: suricata.service failed.

when im command
“nmcli -p dev”
i see the connection use enp0s3

then i change eth0 to enp0se at /etc/suricata/suricata.yaml

Linux high speed capture support

af-packet:

  • interface: enp0s3

and its still error
how to fix this?

2

ok the the problem is done.

just change configuration at “/etc/sysconfig/network-scripts/ifcfg-enp0s3”

change value
NAME=enp0s3
DEVICE=enp0s3
to
NAME=eth0
DEVICE=eth0

-copy that file
cp /etc/sysconfig/network-scripts/ifcfg-enp0s3 /etc/sysconfig/network-scripts/ifcfg-eth0

-and remove
rm /etc/sysconfig/network-scripts/ifcfg-enp0s3

and update GRUB configuration at
“nano /etc/default/grub”

-add parameter to variable (GRUB_CMDLINE_LINUX)
net.ifnames=0 biosdevname=0

GRUB_CMDLINE_LINUX=“crash kernel=auto net.ifnames=0 biosdevname=0 rhgb quiet”

-update GRUB configuration
sudo grub2-mkconfig -o /boot/grub2/grub.cfg

-reboot
sudo reboot

check again
ip a
nmcli-p dev

nmcli -p dev
nmcli -p dev298×144 3.3 KB