Suricata af-packet ips

ozgur · January 11, 2023, 11:53am

Hi everyone,
I set up af-packet section according to 13. Setting up IPS/inline for Linux — Suricata 7.0.0-rc1-dev documentation .When I run suricata it gave errors. The errors are
“”"
[643279] 11/1/2023 – 11:39:05 - (source-af-packet.c:479) (AFPPeersListCheck) – [ERRCODE: SC_ERR_AFP_CREATE(190)] - Threads number not equals
[643279] 11/1/2023 – 11:39:05 - (runmode-af-packet.c:890) (RunModeIdsAFPWorkers) – [ERRCODE: SC_ERR_FATAL(171)] - Some IPS capture threads did not peer.

“”"
Any help would be great. Best regards,

This is af-packet section configuration.

interface: eth0
threads: 1
defrag: yes
cluster-type: cluster_flow
cluster-id: 98
copy-mode: ips
copy-iface: eth1
buffer-size: 64535
use-mmap: yes
- interface: eth1
  threads: 1
  cluster-id: 97
  defrag: yes
  cluster-type: cluster_flow
  copy-mode: ips
  copy-iface: eth0
  buffer-size: 64535
  use-mmap: yes

Andreas_Herz · January 17, 2023, 8:40pm

Can you paste your complete suricata.yaml as a file?

Topic		Replies	Views
How to configure suricata IPS mode with AF-PACKET? Help ips , community , suricata	1	1313	July 17, 2022
Af_packet IPS mode on centos8 or Rocky8 Help ips , centos	3	1107	December 20, 2021
AF_Packet upload performance problems when running in IPS mode and using a linux bridge interface Help	3	940	March 11, 2021
Need help with Suricata IPS Setup Help	1	803	September 13, 2021
Running Suricata IPS AF-Packet in docker container Help ips , rules , docker , suricata	3	2534	July 13, 2023

Suricata af-packet ips

Related Topics