- Suricata version: 7.0.8
- Operating system: Debian
- Installed From Source (openinfosecfoundation.org/download/suricata-7.0.8.tar.gz)
Hello everyone!
I’m writing to you because I can’t get any further.
Compilation Workflow:
Minimal dependencies for Ubuntu/Debian
sudo apt -y install autoconf automake build-essential cargo \
cbindgen libjansson-dev libpcap-dev libpcre2-dev libtool \
libyaml-dev make pkg-config rustc zlib1g-dev
./configure
make -j8
make install
Suricata 7.0.8 installed successfully. No Errors
In the Documentation (en/suricata-7.0.8/install.html) is written:
This will install Suricata into /usr/local/bin/
, use the default configuration in /usr/local/etc/suricata/
and will output to /usr/local/var/log/suricata
It also seems like the documentation is outdated, because it references version 7.0.5… Anyway:
‘/usr/local/etc/suricata/’: No such file or directory
‘/usr/local/var/log/suricata’: No such file or directory
/usr/local# ls /usr/local/bin/suricata TRUE, exists
I’ve got the Build Info:
root@srv659342:~# suricata --build-info
This is Suricata version 7.0.8 RELEASE
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HTTP2_DECOMPRESSION HAVE_JA3 HAVE_JA4 HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST POPCNT64
SIMD support: SSE_4_2 SSE_4_1 SSE_3 SSE_2
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 12.2.0, C version 201112
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: _Thread_local
compiled with LibHTP v0.5.49, linked against LibHTP v0.5.49
Suricata Configuration:
AF_PACKET support: yes
AF_XDP support: yes
DPDK support: no
eBPF support: no
XDP support: no
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
PCRE jit: yes
LUA support: no
libluajit: no
GeoIP2 support: no
JA3 support: yes
JA4 support: yes
Non-bundled htp: no
Hyperscan support: no
Libnet support: no
liblz4 support: yes
Landlock support: yes
Rust support: yes
Rust strict mode: no
Rust compiler path: /usr/bin/rustc
Rust compiler version: rustc 1.63.0
Cargo path: /usr/bin/cargo
Cargo version: cargo 1.65.0
Python support: yes
Python path: /usr/bin/python3
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: yes
Profiling enabled: no
Profiling locks enabled: no
Profiling rules enabled: no
Plugin support (experimental): yes
DPDK Bond PMD: no
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Fuzz targets enabled: no
Generic build parameters:
Installation prefix: /usr/local
Configuration directory: /usr/local/etc/suricata/
Log directory: /usr/local/var/log/suricata/
--prefix /usr/local
--sysconfdir /usr/local/etc
--localstatedir /usr/local/var
--datarootdir /usr/local/share
Host: x86_64-pc-linux-gnu
Compiler: gcc (exec name) / g++ (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -fPIC -std=c11 -march=native -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist
PCAP_CFLAGS -I/usr/include
SECCFLAGS
So it says:
Installation prefix: /usr/local
Configuration directory: /usr/local/etc/suricata/
Log directory: /usr/local/var/log/suricata/
So I would expect the config file to exist.
I tried following:
root@srv659342:/usr/local/etc/suricata# suricata --dump-config > /usr/local/etc/suricata/suricata.yaml
root@srv659342:/usr/local/etc/suricata# cat /usr/local/etc/suricata/suricata.yaml
root@srv659342:/usr/local/etc/suricata#
This creates an empty file, suricata.yaml.
I have write permissions because I am root.
I’m stuck at this point!
I would appreciate your help a lot, as I am new to Suricata and simply followed the Documentation.
(2. Quickstart guide — Suricata 7.0.8 documentation)
It would be nice to have a method to automatically initialize the configuration.
Best Wishes,
Kai
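The procedure in the post above (`./configure`, `make`, `make install`, then looking for the config directory) is the kind of thing worth scripting a check for. The script below is an added example, not code from the original post or from the Suricata project: it inspects an installation prefix for the files that the post found missing and names the Makefile target that supplies them. It assumes the targets and paths of Suricata's top-level Makefile as I know them (`make install` installs only the binaries; `make install-conf` installs suricata.yaml, classification.config, reference.config and threshold.config into `$sysconfdir/suricata` and creates the log directory; `make install-full` runs `install`, `install-conf` and `install-rules`). Confirm against your own source tree with `make -n install-conf` before relying on it.

```shell
#!/bin/sh
# Added example, not from the original post or the Suricata project.
# Checks a Suricata installation prefix for the pieces that a bare
# `make install` does not create, and names the Makefile target that does.
#
# Assumption (Suricata's top-level Makefile targets, verify with
# `make -n install-conf` in your source tree):
#   make install       installs only the binaries under $prefix/bin
#   make install-conf  installs suricata.yaml, classification.config,
#                      reference.config and threshold.config into
#                      $sysconfdir/suricata and creates the log/rule dirs
#   make install-rules runs suricata-update (needs network access)
#   make install-full  = install + install-conf + install-rules

# check_suricata_install PREFIX
# Prints each missing path; returns 0 when everything is present, 1 otherwise.
check_suricata_install() {
    prefix="${1:-/usr/local}"
    etc="$prefix/etc/suricata"
    missing=0
    for path in "$prefix/bin/suricata" \
                "$etc/suricata.yaml" \
                "$etc/classification.config" \
                "$etc/reference.config" \
                "$etc/threshold.config" \
                "$prefix/var/log/suricata"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# suggest_target PREFIX
# Echoes the make target to run next: "install", "install-conf" or "ok".
suggest_target() {
    prefix="${1:-/usr/local}"
    if [ ! -x "$prefix/bin/suricata" ]; then
        echo "install"
    elif [ ! -e "$prefix/etc/suricata/suricata.yaml" ] \
      || [ ! -d "$prefix/var/log/suricata" ]; then
        echo "install-conf"
    else
        echo "ok"
    fi
}

# main PREFIX: report the state of the install and how to validate the config.
main() {
    prefix="${1:-/usr/local}"
    if check_suricata_install "$prefix"; then
        echo "install under $prefix is complete"
    else
        echo "next step: cd <suricata-source-dir> && sudo make $(suggest_target "$prefix")"
    fi
    # --dump-config prints the loaded configuration, so it needs a readable
    # config file first; point it at the installed file instead of
    # redirecting its (empty) output into that file.
    echo "then verify with: $prefix/bin/suricata -c $prefix/etc/suricata/suricata.yaml --dump-config | head"
}

if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Run it as `sh check-suricata-install.sh /usr/local` (the filename is my own choice). The reason the `--dump-config` redirect in the post produced an empty file is that the option dumps the configuration Suricata has loaded; with no suricata.yaml to load there is nothing to dump, and the shell has already truncated the target file before Suricata starts.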