Novice Installation - Default Configuration error stall

Hello,
I’m new to Suricata and fairly new to Linux. I run Suricata with the default configuration and it stalls with errors. I’ve verified the rules are in the correct place.
I’d appreciate the help. Thank you.

8/10/2022 -- 12:50:39 - <Info> - Running as service: no
Suricata 6.0.6
USAGE: suricata.exe [OPTIONS] [BPF FILTER]

    -c <path>                            : path to configuration file
    -T                                   : test configuration file (use with -c)
    -i <dev or ip>                       : run in pcap live mode
    -F <bpf filter file>                 : bpf filter file
    -r <path>                            : run in pcap file/offline mode
    -s <path>                            : path to signature file loaded in addition to suricata.yaml settings (optional)
    -S <path>                            : path to signature file loaded exclusively (optional)
    -l <dir>                             : default log directory
    --service-install                    : install as service
    --service-remove                     : remove service
    --service-change-params              : change service startup parameters
    -k [all|none]                        : force checksum check (all) or disabled it (none)
    -V                                   : display Suricata version
    -v                                   : be more verbose (use multiple times to increase verbosity)
    --list-app-layer-protos              : list supported app layer protocols
    --list-keywords[=all|csv|<kword>]    : list keywords implemented by the engine
    --list-runmodes                      : list supported runmodes
    --runmode <runmode_id>               : specific runmode modification the engine should run.  The argument
                                           supplied should be the id for the runmode obtained by running
                                           --list-runmodes
    --engine-analysis                    : print reports on analysis of different sections in the engine and exit.
                                           Please have a look at the conf parameter engine-analysis on what reports
                                           can be printed
    --pidfile <file>                     : write pid to this file
    --init-errors-fatal                  : enable fatal failure on signature init error
    --disable-detection                  : disable detection engine
    --dump-config                        : show the running configuration
    --dump-features                      : display provided features
    --build-info                         : display build information
    --pcap[=<dev>]                       : run in pcap mode, no value select interfaces from suricata.yaml
    --pcap-file-continuous               : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted
    --pcap-file-delete                   : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done
    --pcap-file-recursive                : will descend into subdirectories when running in replay mode (-r)
    --pcap-buffer-size                   : size of the pcap buffer value from 0 - 2147483647
    --simulate-ips                       : force engine into IPS mode. Useful for QA
    --erf-in <path>                      : process an ERF file
    --set name=value                     : set a configuration value

To run the engine with default configuration on interface eth0 with signature file “signatures.rules”, run the command as:

suricata.exe -c suricata.yaml -s signatures.rules -i eth0


C:\Program Files\Suricata>suricata.exe -c suricata.yaml -s signatures.rules -i eth0
8/10/2022 -- 12:56:10 - <Info> - Running as service: no
Error opening file C:\\Program Files\\Suricata\\log/suricata.log
8/10/2022 -- 12:56:10 - <Notice> - This is Suricata version 6.0.6 RELEASE running in SYSTEM mode
8/10/2022 -- 12:56:10 - <Warning> - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol sip enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
8/10/2022 -- 12:56:10 - <Warning> - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol mqtt enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
8/10/2022 -- 12:56:10 - <Warning> - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol rdp enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.

C:\Program Files\Suricata>suricata.exe -c suricata.yaml -s signatures.rules -i 10.252.0.97
8/10/2022 -- 12:58:46 - <Info> - Running as service: no
8/10/2022 -- 12:58:46 - <Error> - [ERRCODE: SC_ERR_PCAP_TRANSLATE(201)] - failed to find a pcap device for IP 10.252.0.97

C:\Program Files\Suricata>suricata.exe -c suricata.yaml -s signatures.rules -i 192.168.0.3
8/10/2022 -- 12:59:10 - <Info> - Running as service: no
8/10/2022 -- 12:59:10 - <Info> - translated 192.168.0.3 to pcap device \Device\NPF_{887DE346-4E47-47D9-8D69-6D416D7A7B15}
Error opening file C:\\Program Files\\Suricata\\log/suricata.log
8/10/2022 -- 12:59:10 - <Notice> - This is Suricata version 6.0.6 RELEASE running in SYSTEM mode
8/10/2022 -- 12:59:10 - <Warning> - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol sip enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
8/10/2022 -- 12:59:10 - <Warning> - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol mqtt enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
8/10/2022 -- 12:59:10 - <Warning> - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol rdp enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
8/10/2022 -- 12:59:10 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "C:\\Program Files\\Suricata\\log/fast.log": Permission denied
8/10/2022 -- 12:59:10 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - output module "fast": setup failed
8/10/2022 -- 12:59:10 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "C:\\Program Files\\Suricata\\log/eve.json": Permission denied
8/10/2022 -- 12:59:10 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - output module "eve-log": setup failed
8/10/2022 -- 12:59:10 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "C:\\Program Files\\Suricata\\log/stats.log": Permission denied
8/10/2022 -- 12:59:10 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - output module "stats": setup failed
8/10/2022 -- 12:59:10 - <Warning> - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
8/10/2022 -- 12:59:10 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file C:\\Program Files\\Suricata\\rules\\emerging-adware_pup.rules: No such file or directory.
8/10/2022 -- 12:59:11 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file C:\\Program Files\\Suricata\\rules\\emerging-coinminer.rules: No such file or directory.
8/10/2022 -- 12:59:11 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file C:\\Program Files\\Suricata\\rules\\emerging-ja3.rules: No such file or directory.
8/10/2022 -- 12:59:12 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file C:\\Program Files\\Suricata\\rules\\emerging-phishing.rules: No such file or directory.
8/10/2022 -- 12:59:13 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file signatures.rules: No such file or directory.
8/10/2022 -- 12:59:13 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "C:\Program Files\Suricata\\\threshold.config": No such file or directory
8/10/2022 -- 12:59:13 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.slightpulseM2' is checked but not set. Checked in 2032912 and 0 other sigs
8/10/2022 -- 12:59:15 - <Warning> - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on \Device\NPF_{887DE346-4E47-47D9-8D69-6D416D7A7B15}: Checksum IPv4 Rx: 1 Tx: 1 IPv6 Rx: 1 Tx: 1 LSOv1 IPv4: 0 LSOv2 IPv4: 1 IPv6: 1
8/10/2022 -- 12:59:15 - <Notice> - all 5 packet processing threads, 2 management threads initialized, engine started.

Please ignore the date. I still receive the same error.
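As an added aid for reading startup output like the above (this is not code from the original post or from the Suricata project), a small Python triage script: it parses each console line into timestamp, level, ERRCODE and message, counts the error codes, lists every file Suricata could not open together with the OS reason, records which output modules were consequently disabled, and notes whether the engine still reported "engine started". The sample lines embedded in it are constructed by abridging the post above.

```python
import re
from collections import Counter

# Constructed sample: lines abridged from the startup output in the post above.
SAMPLE_LOG = r"""
8/10/2022 -- 12:59:10 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "C:\\Program Files\\Suricata\\log/fast.log": Permission denied
8/10/2022 -- 12:59:10 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - output module "fast": setup failed
8/10/2022 -- 12:59:10 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "C:\\Program Files\\Suricata\\log/eve.json": Permission denied
8/10/2022 -- 12:59:10 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - output module "eve-log": setup failed
8/10/2022 -- 12:59:11 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file C:\\Program Files\\Suricata\\rules\\emerging-coinminer.rules: No such file or directory.
8/10/2022 -- 12:59:13 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file signatures.rules: No such file or directory.
8/10/2022 -- 12:59:15 - <Notice> - all 5 packet processing threads, 2 management threads initialized, engine started.
"""

# One Suricata 6 console line: timestamp, level, optional ERRCODE tag, free-text message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ -- \S+) - <(?P<level>\w+)> - "
    r"(?:\[ERRCODE: (?P<code>\w+)\((?P<num>\d+)\)\] - )?(?P<msg>.*)$"
)
FOPEN_RE = re.compile(r'Error opening file: "(?P<path>[^"]+)": (?P<reason>.+)$')
RULE_RE = re.compile(r"opening rule file (?P<path>.+?): (?P<reason>.+?)\.?$")
OUTPUT_RE = re.compile(r'output module "(?P<name>[^"]+)": setup failed')

def parse_line(line):
    """Return the parsed fields of one log line, or None for non-log text."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(text):
    """Summarise startup output: counts per ERRCODE, unopenable files with the
    OS reason, output modules that were disabled, and whether the engine started."""
    summary = {"codes": Counter(), "files": [], "disabled_outputs": [], "engine_started": False}
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        msg = rec["msg"]
        if rec["code"]:
            summary["codes"][rec["code"]] += 1
        m = FOPEN_RE.search(msg) or RULE_RE.search(msg)
        if m:
            summary["files"].append((rec["code"], m["path"], m["reason"]))
        m = OUTPUT_RE.search(msg)
        if m:
            summary["disabled_outputs"].append(m["name"])
        if msg.endswith("engine started."):
            summary["engine_started"] = True
    return summary
```

Run `triage(open("suricata.log").read())` against a real capture of the console output to get the same summary; a "Permission denied" entry under the log directory alongside "engine started" means the engine is running but writing no alerts.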

Hello, welcome to our forum ^^

Can you please share what your configuration values are? You could either share your suricata.yaml or the result of running suricata --dump-config.

Not sure how relevant this is, but you mentioned being new to Linux, while those errors seem to be from running Suricata on Windows. Are you running a virtual machine or something like that?

So sorry for the delay! Yes, I’m using it on Windows but from my understanding it’s written in Linux. Per a different team member’s advice, I’m using the desktop application - no virtual machine. Yet. I haven’t been able to get Suricata fully running once yet. When I run it, that’s what happens. It stalls on that.

Thanks for the welcome.