Running Suricata

Help
1

image
image1083×388 153 KB

After config .yaml, i run
sudo tail /var/log/suricata/suricata.log
and it announced - all 4 packet processing threads, 4 management threads initialized, engine started. but when i run
suricata -c /etc/suricata/suricata.yaml -i ens33
it fail like the image.
tks all.

2

Hello there and welcome to our community :slight_smile:

From your screenshot, it seems that there are a couple of things happening:

  • Suricata couldn’t find the interface/device you provided
  • The path for the rules file didn’t have any actual rule files

have you double-checked those?

3

So this is my ip ad and this is my conf, can you tell me where i’m wrong? Tks

image
image2560×1600 275 KB

image
image807×263 17.9 KB

image
image1474×412 76.3 KB

image
image750×127 11.7 KB

4

Hello,

from the screenshots you’ve shared, I’ve noticed two things:

  • ens33 doesn’t show among the network interfaces listed
  • there doesn’t seem to be a detect-dos.rules file in the rules directory

I’d suggest changing the network interface suricata tries to listen on, when running suricata, to match on eth0, and either removing detect-dos-.rules from the config, or bringing the rules file to the rules directory.

Hope that some of that helps :slight_smile:

1 Like