Failed to start suricata.service - Suricata IDS/IDP daemon

Hello! Suricata won’t start
suricata.service: Start request repeated too quickly.
suricata systemd[1]: suricata.service: Failed with result ‘core-dump’.
suricata systemd[1]: Failed to start suricata.service - Suricata IDS/IDP daemon.


Please provide more details:

  • What suricata version?
  • How did you install suricata?
  • Provide suricata.yaml config
  • Add suricata.log

It worked, then it crashed. Now it doesn’t start and doesn’t write logs.
2. Binary packages
suricata.yaml (85.1 KB)

What binary package do you exactly use?

Also add the output of suricata --build-info

like 7.0.6
root@suricata:~# suricata --build-info
Illegal instruction (core dumped)

Where did you download the binary package from?
What type of distribution is this?

Index of /downloads suricata-7.0.6.tar

And how did you build and compile it?
Again what type of Linux distribution do you use?

root@suricata:~# lsb_release -d
No LSB modules are available.
Description: Ubuntu 23.10

found instructions online
it is not installed via command
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update
sudo apt-get install suricata -y

E: Repository “Index of /oisf/suricata-stable/ubuntu mantic Release” does not contain a Release file.
N: This repository cannot be updated securely, so it is disabled by default.
N: For information on repository creation and user settings, see the apt-secure(8) man page.

everything worked for two months

If it worked, what did you change?
Did you run any upgrades on the OS that could be related?

I didn’t do anything, it doesn’t work and that’s it

This usually happens when Suricata is built with optimizations for one machine, then run on another machine with different hardware features.

I’d recommend rebuilding it on the machine you are running it.

It’s also unclear if you are using the PPA or built from source? Can you clarify? I believe the PPA is only for LTS releases, which 23.10 is not.
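As an added example (not part of the thread and not from the Suricata project), one way to check the cause suggested above is to compare the CPU feature flags of the build host with those of the host that runs the binary. The function names, file names and sample `flags` lines are constructed, and the x86 Linux `/proc/cpuinfo` format is assumed.

```shell
#!/bin/sh
# Added example: list CPU features the build host had but the run host lacks.
# A binary compiled with host-specific optimizations may use any of them and
# then die with "Illegal instruction" on the other machine.
# Assumes x86 Linux, where /proc/cpuinfo has a "flags : ..." line per CPU.
# Capture each side with: cat /proc/cpuinfo > build.cpuinfo (hypothetical name)

# cpu_flags FILE: print the first "flags" line of FILE, one flag per line.
cpu_flags() {
    awk -F: '/^flags[ \t]*:/ {
        n = split($2, f, " ")
        for (i = 1; i <= n; i++) print f[i]
        exit
    }' "$1" | sort -u
}

# missing_features BUILD_CPUINFO RUN_CPUINFO
# Prints every flag listed for the build host that the run host does not list.
# Returns 2 when either file has no "flags" line (wrong file or non-x86).
missing_features() {
    build_flags=$(cpu_flags "$1")
    run_flags=$(cpu_flags "$2")
    [ -n "$build_flags" ] && [ -n "$run_flags" ] || {
        echo "no flags line found in $1 or $2" >&2
        return 2
    }
    # grep treats the newline-separated run flags as a list of fixed,
    # whole-line patterns; -v keeps the build flags that match none of them.
    # Exit status 1 only means "nothing missing", so it is not an error here.
    printf '%s\n' "$build_flags" | grep -vxF -e "$run_flags" || [ "$?" -eq 1 ]
}

# demo: run the comparison on constructed sample data (not from the thread).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'processor\t: 0\nflags\t\t: fpu sse sse2 ssse3 sse4_1 sse4_2 avx avx2 avx512f\n' > "$dir/build.cpuinfo"
    printf 'processor\t: 0\nflags\t\t: fpu sse sse2 ssse3 sse4_1 sse4_2 avx\n' > "$dir/run.cpuinfo"
    rc=0
    missing_features "$dir/build.cpuinfo" "$dir/run.cpuinfo" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# With two arguments compare those files, otherwise run the sample.
if [ "$#" -eq 2 ]; then missing_features "$1" "$2"; else demo; fi
```

A non-empty result lists candidates only: a missing feature matters if the compiler actually emitted instructions for it.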

I’m building from sources, it doesn’t work through
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update
sudo apt-get install suricata -y
OISF in Launchpad stable/ubuntu mantic Release” does not contain a Release file.
N: Updating from this repository cannot be done securely, so it is disabled by default.
N: For information on repository creation and user settings, see the apt-secure(8) man page.


suricata.log (12.3 KB)

Did you rebuild it from sources? Perhaps a fresh build, re-unpack to a new directory ./configure and build?

To install Suricata from source, follow these steps:

  1. Download the latest version of Suricata by running the following command:

wget https://www.openinfosecfoundation.org/download/suricata-6.0.8.tar.gz

  2. Extract the downloaded file using the following command:

tar xzf suricata-6.0.8.tar.gz

  3. Navigate to the extracted directory:

cd suricata-6.0.8

  4. Configure Suricata with the desired settings:

./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var

  5. Build and install Suricata:

make
make install-full

according to this instruction

Could there be a problem with the disk?
syslog.log (7.0 KB)

At least a corrupt filesystem, yes.

Also follow the guide at 3. Installation — Suricata 8.0.0-dev documentation and use version 7.0.6 as of now