Suricata af-packet ips

ozgur · January 11, 2023, 11:53am

Hi everyone,
I set up af-packet section according to 13. Setting up IPS/inline for Linux — Suricata 7.0.0-rc1-dev documentation .When I run suricata it gave errors. The errors are
“”"
[643279] 11/1/2023 – 11:39:05 - (source-af-packet.c:479) (AFPPeersListCheck) – [ERRCODE: SC_ERR_AFP_CREATE(190)] - Threads number not equals
[643279] 11/1/2023 – 11:39:05 - (runmode-af-packet.c:890) (RunModeIdsAFPWorkers) – [ERRCODE: SC_ERR_FATAL(171)] - Some IPS capture threads did not peer.

“”"
Any help would be great. Best regards,

This is af-packet section configuration.

interface: eth0
threads: 1
defrag: yes
cluster-type: cluster_flow
cluster-id: 98
copy-mode: ips
copy-iface: eth1
buffer-size: 64535
use-mmap: yes
- interface: eth1
  threads: 1
  cluster-id: 97
  defrag: yes
  cluster-type: cluster_flow
  copy-mode: ips
  copy-iface: eth0
  buffer-size: 64535
  use-mmap: yes

Andreas_Herz · January 17, 2023, 8:40pm

Can you paste your complete suricata.yaml as a file?

Topic		Replies	Views
How to configure suricata IPS mode with AF-PACKET? Help ips , community , suricata	1	1601	July 17, 2022
Af_packet IPS mode on centos8 or Rocky8 Help ips , centos	3	1246	December 20, 2021
Suricata does not block attacks Help ips , rules , suricata	7	64	July 30, 2024
Wrong --af-packet configuration but why? Help suricata	0	16	September 4, 2024
Af-packet: Some IPS capture threads did not peer Help ips , community , suricata	2	136	July 2, 2024

Suricata af-packet ips

Related Topics