Hi,
Moving from 7.0.10 on Debian Trixie to 8.0.4 installed through backports repo.
With a fresh config file, or using existing, I just get this failure trying to start the service:
systemd[1]: suricata.service: Failed with result 'protocol'.
suricata -T passes just fine. Only errors in the logs are as follows:
[1073623 - Suricata-Main] 2026-04-24 23:28:17 Notice: threads: Threads created -> W: 4 FM: 2 FR: 2 Engine started.
[1073623 - Suricata-Main] 2026-04-24 23:28:17 Notice: suricata: Signal Received. Stopping engine.
[1073623 - Suricata-Main] 2026-04-24 23:28:18 Info: suricata: time elapsed 1.978s
Any insight? I let suricata-update run to make sure the ruleset was updated for version 8.
Many thanks
Run it manually and in the foreground.
Interestingly enough, it just works in the foreground using the same ExecStart command from the service (just swapping -D for -vvv). Or even just running the same command:
suricata -D -q 1024 -q 1025 -q 1026 -q 1027 -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid
Standard suricata.service file as follows:
Unit]
Description=Suricata IDS/IDP daemon
After=network.target network-online.target
Requires=network-online.target
Documentation=man:suricata(8) man:suricatasc(8)
Documentation=https://suricata.io/documentation/
[Service]
Type=notify
PIDFile=/var/run/suricata/suricata.pid
ExecStart=/usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata/suricata.pid
ExecReload=/usr/bin/suricatasc -c reload-rules ; /usr/bin/kill -HUP $MAINPID
ExecStop=/usr/bin/suricatasc -c shutdown
Restart=on-failure
ProtectSystem=full
ProtectHome=true
[Install]
WantedBy=multi-user.target
And the override file for custom settings:
[Service]
ExecStart=
ExecStart=/usr/bin/suricata -D -q 1024 -q 1025 -q 1026 -q 1027 -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid