Hi guys! I'm doing a clean install of Suricata 8 on Ubuntu 22.04, and when I look at the logs, it shows me that there are directories that were not created.
Starting Suricata IDS/IPS/NSM/FW daemon...
Jul 18 15:12:57 sensor systemd[1]: Started Suricata IDS/IPS/NSM/FW daemon.
Jul 18 15:12:57 sensor suricata[2673]: i: suricata: This is Suricata version 8.0.0 RELEASE running in SYSTEM mode
Jul 18 15:12:57 sensor suricata[2673]: E: pidfile: unable to set pidfile '/run/suricata.pid': Permission denied
Jul 18 15:12:57 sensor suricata[2673]: E: suricata: Unable to create PID file, concurrent run of Suricata can occur.
Jul 18 15:12:57 sensor suricata[2673]: E: suricata: PID file creation WILL be mandatory for daemon mode in future version
Jul 18 15:13:23 sensor suricata[2673]: i: mpm-hs: Rule group caching - loaded: 108 newly cached: 0 total cacheable: 108
Jul 18 15:13:23 sensor suricata[2673]: E: unix-manager: failed to create socket directory /var/run/suricata/: Permission denied
Jul 18 15:13:23 sensor suricata[2673]: W: unix-manager: Unable to create unix command socket
Jul 18 15:13:24 sensor suricata[2673]: i: threads: Threads created -> W: 2 FM: 1 FR: 1 Engine started.
mkdir -p /var/run/suricata
chown -R suricata:suricata /var/run/suricata/
I restart Suricata again and it says the process cannot be created.
Jul 18 15:36:29 sensor suricata[4231]: E: pidfile: unable to set pidfile '/run/suricata.pid': Permission denied
Jul 18 15:36:29 sensor suricata[4231]: E: suricata: Unable to create PID file, concurrent run of Suricata can occur.
Jul 18 15:36:29 sensor suricata[4231]: E: suricata: PID file creation WILL be mandatory for daemon mode in future version
Remove the comment inside of Suricata.yaml
pid-file: /var/run/suricata/suricata.pid
It doesn't work either.