Hello everyone,
I installed version 7.0.2 of suricata except that when launching, it refuses to launch because it says that in the file /etc/default/suricata
I must have :
RUN=“yes”
Except that it is and despite that it continues to give me this error.
I am attaching a photo from the newspaper
PS: sorry for my English but I used google translate
How did you install Suricata, manually the release file? or via the PPA if it’s Ubuntu?
I installed Suricata with :
wget https://www.openinfosecfoundation.org/download/suricata-7.0.2.tar.gz
The systemd unit file suricata.service needs manual adjustments to your environment and requirement. So this depends on your OS and how you would it to look like. So I would recommend to adjust it to your needs, especially the run command and command line arguments added to the Suricata call.
I don’t understand, can you give me more details? I have already modified the yml conf file
How do you want to run Suricata, in IDS or IPS mode? With af-packet or another method?
The yaml is the config for the Suricata process, but the error you posted is related to the systemd unit file. We ship just an example that you need to adjust towards your environment.
I use af-packet yes and I have no real knowledge on the subject but my objective is to detect intrusions and to receive an email notification of alerts
Without real knowledge on the subject, that will be hard. I would recommend reading the Docs Suricata User Guide — Suricata 8.0.0-dev documentation as well.
You can also look at the Ubuntu PPA package that we provide that has a service file included that you can also use as a base.
For email notification you would have to setup something dedicated, this is no feature in Suricata itself. We only write the logs either to disk, redis, socket or remote targets.
Thanks !
Have a good day !
