Failed: suricata.service - Suricata IDS/IDP daemon

Rohith · March 23, 2022, 2:03pm

Hi All, I need help.

OS :Yocto (Dunfell +QT5)
Device:Nitrogen8m

When I run the command " systemctl status suricata.service" getting this failed status

Is this related to " [errcode: sc_warn_flowbit(306)]"

ish · March 23, 2022, 2:30pm

Can you also post the suricata.service file?

Rohith · March 23, 2022, 3:07pm

Hi,

I cant find the suricata.service

Suricata.yaml file

suricata.yaml (73.3 KB)

ish · March 23, 2022, 3:15pm

From you screenshot above it looks like it should be /lib/systemd/system/suricata.service.

Rohith · March 23, 2022, 4:27pm

Thank You, I find the file at /lib/systemd/system/suricata.service.

ish · March 23, 2022, 4:43pm

The ExecStart is missing the -i command line option. It should look like:

ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

If this is from a Suricata package that you installed I’d suggest reporting this back to whoever made the package.

Rohith · March 23, 2022, 5:04pm

Hi,
I changed the ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0 —> ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

Now its showing, “Active (Running)”, Please confirm that

Rohith · March 23, 2022, 5:07pm

I taken this recipe from" OpenEmbedded Layer Index - suricata "and bitbaked in to Yocto(dunfell +QT5) image

ish · March 23, 2022, 5:32pm

Looks like its running now.

You didn’t specify a version, but I don’t think you should see those warnings with an update to date Suricata 6.0 or 5.0 release and up to date rules.

Rohith · March 23, 2022, 5:34pm

ish · March 23, 2022, 5:37pm

That documentation is out of date and exists for reference purposes only. Please see the the current documtation linked at the top of the page, or more specifically 7. Rule Management — Suricata 6.0.4 documentation.

Rohith · March 23, 2022, 5:44pm

Thank you, I will look into it.
I will get back to you once it got resolved.

prateek.s · February 16, 2023, 10:00am

Hii @ish suricata service is not working.

Here is my suricata.service file:
[Unit]
Description=Suricata IDS/IDP daemon
After=network.target network-online.target
Requires=network-online.target
Documentation=man:suricata(8) man:suricatasc(8)
Documentation=https://suricata-ids.org/docs/

[Service]
Type=forking
#Environment=LD_PRELOAD=/usr/lib/libtcmalloc_minimal.so.4
PIDFile=/run/suricata.pid
ExecStart=/usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid
ExecReload=/usr/bin/suricatasc -c reload-rules ; /bin/kill -HUP $MAINPID
ExecStop=/usr/bin/suricatasc -c shutdown
Restart=on-failure
ProtectSystem=full
ProtectHome=true

[Install]
WantedBy=multi-user.target

ish · February 16, 2023, 3:20pm

I’d first start by removing the Type=forking and not using -D with Suricata.

You can see our template Systemd unit file here:

github.com

OISF/suricata/blob/master/etc/suricata.service.in

# Sample Suricata systemd unit file.
[Unit]
Description=Suricata Intrusion Detection Service
After=syslog.target network-online.target

[Service]
# Environment file to pick up $OPTIONS. On Fedora/EL this would be
# /etc/sysconfig/suricata, or on Debian/Ubuntu, /etc/default/suricata.
#EnvironmentFile=-/etc/sysconfig/suricata
#EnvironmentFile=-/etc/default/suricata
ExecStartPre=/bin/rm -f @e_rundir@suricata.pid
ExecStart=/sbin/suricata -c @e_sysconfdir@suricata.yaml --pidfile @e_rundir@suricata.pid $OPTIONS
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

If you still have issues, please create a new topic, and include details of what is not working.

Topic		Replies	Views
Failed to start suricata.service	3	682	June 26, 2023
Suricata not running Help suricata	7	358	September 1, 2023
Suricata.service Help	6	1102	April 26, 2023
Suricata service failed to start Help	21	7469	April 21, 2023
Error Starting Suricata Help	8	179	January 15, 2024

Failed: suricata.service - Suricata IDS/IDP daemon

Related Topics