Suricata IDS installation error? Need help!

Hello,

I downloaded the Suricata (Stable) version 5.0.3 software, the Windows 64-bit installer. After the full installation, I tried to open it, but I could not. When I clicked on the Suricata desktop icon to open it, a command prompt window opens up and states the following message: To run the engine with default configuration on interface eth0 with signature file “signatures.rules”, run the command as: suricata.exe -c suricata.yaml -s signatures.rules -i eth0. I tried running this command and nothing happens, except that the same message comes up. What does this command mean? How do I fix this error so that I can use this software as an intrusion detection system? I downloaded the latest stable Suricata software for Windows. I don’t understand what went wrong. Do you know what went wrong? I’ve attached snipped pictures of the command prompt window to help you out. Thank you for your help in advance.

Sincerely,
Emikel

Hi @Enshin!
Could you please also include the command that you are running in your screenshot? Usually this happens when Suricata is not provided with any interface at all. Just want to make sure that is in place.

Hi Shivani,

The command is in the screenshot. Could you not see it? If you can’t see it, the command is as follows: suricata.exe -c suricata.yaml -s signatures.rules -i eth0. I hope this helps. How do I fix this error?

Sincerely,
Enshin

@Enshin,
Can you post a picture showing you entering the command and the output from Suricata – this is what @sbhardwaj is asking about.

Suricata will continue to display the usage message when the command line options are insufficient.

Suricata minimally requires a packet source, meaning (1) a network interface from which it will obtain packets to analyze or (2) one or more pcap files containing network packets.

Hi,

Can you try:

suricata.exe -c suricata.yaml -s signatures.rules -i ip.address.he.re

for example :slight_smile:

suricata.exe -c suricata.yaml -s signatures.rules -i 10.0.2.16

in other words, the IP address of the interface?

What Windows OS is that? We can try to pass the interface to Suricata without the IP (just as a dev), but I think the command to find that out might vary per major Windows OS version.

Thanks

Hello,

I tried those commands and an error message comes up. The error message states the following: Running as a service: no and failed to find a pcap device for IP 172.16.178.15. This IP address is my private IP address. I’ve also tried different IP addresses. I’ve included a snipped picture for you to see. What am I doing wrong and how do I fix it?

Sincerely,
Enshin

Can you try
suricata -c /directory_to_suricata/suricata.yaml -i your_interface -s /directory_to_suricata_rules/yourrules.rules
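The thread turns on the fact that Windows has no interface called eth0, so Suricata's usage banner is misleading there: the engine keeps printing the usage text until it is handed a packet source it can actually open, and on Windows that source is a capture file or an Npcap/libpcap device, which is named \Device\NPF_{<adapter GUID>} rather than by a short Unix-style name. The following PowerShell session is an added example, not code from the thread or from the Suricata project: it looks up the adapter GUID, builds the device name, and starts Suricata with full paths as the last reply suggests. The install directory (C:\Program Files\Suricata), the adapter name (Ethernet), the rules file location and the capture file path are assumptions to adjust for your machine.

```powershell
# Added example (not from the original thread). Paths and adapter name are assumptions.
$SuricataDir = 'C:\Program Files\Suricata'   # default path used by the Windows installer (assumption)
$AdapterName = 'Ethernet'                    # pick one Name from the Get-NetAdapter listing below (assumption)

# 1. Windows has no "eth0": list the adapters that are up, with the GUID Npcap uses to name them.
Get-NetAdapter | Where-Object Status -eq 'Up' |
    Select-Object Name, InterfaceDescription, InterfaceGuid

# 2. Npcap/libpcap exposes each adapter as \Device\NPF_{<InterfaceGuid>}.
#    InterfaceGuid already includes the braces, so the string concatenation yields the full device name.
$guid   = (Get-NetAdapter -Name $AdapterName).InterfaceGuid
$device = "\Device\NPF_$guid"
Write-Host "Using capture device: $device"

# 3. Give Suricata an explicit, writable log directory (-l) so eve.json / suricata.log land somewhere predictable.
$logDir = Join-Path $SuricataDir 'log'
New-Item -ItemType Directory -Force -Path $logDir | Out-Null

# 4. Live capture: the device name replaces "eth0" from the usage banner.
#    The rules path is an assumption; point -s at whatever rules file you actually have.
& "$SuricataDir\suricata.exe" `
    -c "$SuricataDir\suricata.yaml" `
    -s "$SuricataDir\rules\signatures.rules" `
    -l $logDir `
    -i $device

# 5. Alternative packet source: replay a capture file with -r instead of sniffing an interface.
#    Useful to confirm the install and rules work before chasing adapter/Npcap problems.
# & "$SuricataDir\suricata.exe" -c "$SuricataDir\suricata.yaml" -s "$SuricataDir\rules\signatures.rules" -l $logDir -r 'C:\captures\sample.pcap'
```

Run this from an elevated PowerShell prompt, since opening an Npcap device for capture normally requires administrator rights. If step 4 still fails with a pcap device error, confirm that Npcap is installed (it is a separate package from Suricata) and that the adapter you chose appears in the Get-NetAdapter listing; if the -r replay in step 5 works but live capture does not, the problem is the capture driver or device name, not the Suricata configuration or rules.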