Error in suricata-update

I download suricata-6.0.4.tar.gz and copied to a machine without internet
Extracted it
then run ./configure && make && make-conf

Then I tried to run rules manually , this was mentioned in suricata forum

with this command

suricata-update add-source et-local file:/home/xyz/Downloads/emerging-threats.tar.gz

But i got error

/usr/local/bin/suricata: error while loading shared libraries: cannot open shared object file: No such file or directory
Traceback (most recent call last):
  File "/usr/local/bin/suricata-update", line 33, in <module>
  File "/usr/local/lib/python3.8/dist-packages/suricata/update/", line 1307, in main
  File "/usr/local/lib/python3.8/dist-packages/suricata/update/", line 1017, in _main
  File "/usr/local/lib/python3.8/dist-packages/suricata/update/", line 202, in init
    build_info = suricata.update.engine.get_build_info(_config["suricata"])
  File "/usr/local/lib/python3.8/dist-packages/suricata/update/", line 43, in get_build_info
    build_info_output = subprocess.check_output([suricata, "--build-info"])
  File "/usr/lib/python3.8/", line 415, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
  File "/usr/lib/python3.8/", line 516, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['/usr/local/bin/suricata', '--build-info']' returned non-zero exit status 127.

I am getting same even if I simply run : suricata-update

Anyone can find out what’s issue . I need to install rules on a machine without internet
I followed this trick : Installing default Suricata 6.0.2 rules onto machine without internet access

This is the reason the error is occurring. Run ldd /usr/local/bin/suricata | grep libhtp and paste your results here.

You can configure Suricata to use a bundled libhtp or specify the location of the libhtp library. Suricata depends/requires libhtp to execute properly.

Hi Solved this using sudo ldconfig ,

@Jeff_Lucovsky also wanted to know where I can see suricata logs . I added a plugin for kafka . It creates a topic but don’t send any data , where I can see logs generated by suricata for these events

Your plugin will determine what happens to the data and where it is logged.

Without any plugins, Suricata uses the information from the outputs configuration section in the eve-log area.

The default-log-dir setting determines where the log files will be placed (this can be overridden with the -l /path/to/log-directory command line option.

I have determined plugin details in eve-output , it is not writing on disk i.e eve.json also not sending to kafka .

So i was wondering how to find where logs are going

Can you post the outputs section from the Suricata configuration file – the eve-log section is the most interesting for me to see.

here @Jeff_Lucovsky

 - eve-log:
      enabled: yes
      filetype: kafka #regular|syslog|unix_dgram|unix_stream|redis
      filename: eve.json
        brokers: ",,"
        topic: suricata
        client-id: suricata_client_01
        buffer-size: 1024
      # Enable for multi-threaded eve.json output; output files are amended with
      # with an identifier, e.g., eve.9.json
      threaded: false
      #prefix: "@cee: " # prefix to prepend to each log entry
      # the following are valid when type: syslog above
      #identity: "suricata"
      #facility: local5
      level: Alert ## Error, Warning, Notice, Info, Debug

Try using a regular file as in the default config. Verify that works before attempting to log to Kafka, but please start a new topic here for Kafka, then maybe the people who can help with Kafka will see it.

Hi tried filetype as regular , didn’t work . Will create a new topic