Hello Ninjas,
I need assistance with my Suricata conf file.
Service isn’t running.
Kindly find attached.
Regards,
Hunt
Hi,
What version of Suricata are you running, and what does your suricata.yaml look like?
Also post the suricata.log which might contain the relevant part that is failing.
Hi Herz,
Kindly find below the information requested.
Suricata version 7.0.0.
suricata.yaml (83.0 KB)
The log doesn’t seem that useful. I wonder if journalctl -xf -u suricata has any more detail?
Also, how did you install Suricata? And your OS? What was the source of the package, if any was used?
Thanks,
Linux hackwell 6.4.0-kali3-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.4.11-1kali1 (2023-08-21) x86_64 GNU/Linux
Ah, sorry… I see that Suricata is started with -D
so the journal won’t have much. This is unfortunately with the Debian packages.
Try running in the foreground on command line.
systemctl stop suricata
/usr/bin/suricata --af-packet -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid
This is the same command line from the systemd unit file minus the daemonization option, so should show more output.
Remove the pid file as the error says, then restart using systemctl. I’m not actually sure where this systemd file is coming from, but it doesn’t appear to handle the PID file properly.
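The last two replies suggest running Suricata in the foreground and clearing a leftover PID file before restarting. Below is an added helper script (not from the thread, and not part of the Suricata or Debian packaging) that turns that advice into a repeatable check: it classifies /run/suricata.pid as absent, stale, or owned by a live process, removes it only when stale, validates the configuration with suricata -T, and then starts Suricata in the foreground with the same command line as the unit file minus -D. The paths are the Debian defaults quoted above; the "run" argument and the function names are this script's own.

```shell
#!/bin/sh
# Added example: stale-pidfile check before a foreground Suricata start.
# Assumed paths (Debian defaults from the thread); override via environment.
PIDFILE="${PIDFILE:-/run/suricata.pid}"
CONF="${CONF:-/etc/suricata/suricata.yaml}"

# pidfile_state PATH
#   prints "absent"  when no pidfile exists
#          "running" when the recorded PID belongs to a live process
#          "stale"   when the file exists but its PID is not running
pidfile_state() {
    f="$1"
    [ -f "$f" ] || { echo absent; return 0; }
    pid=$(tr -dc '0-9' < "$f")          # tolerate trailing newline/garbage
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
        echo running
    else
        echo stale
    fi
}

# clear_stale_pidfile PATH
#   removes the pidfile only when it is stale; returns 0 if the path is now
#   free for a new Suricata instance, 1 if a live process still owns it.
clear_stale_pidfile() {
    case "$(pidfile_state "$1")" in
        absent)  return 0 ;;
        stale)   rm -f "$1"; return 0 ;;
        running) return 1 ;;
    esac
}

main() {
    if ! clear_stale_pidfile "$PIDFILE"; then
        echo "Suricata already running (PID $(cat "$PIDFILE")); stop it first." >&2
        exit 1
    fi
    # -T validates suricata.yaml and the rule files without capturing traffic,
    # so a config error is reported here instead of during daemon start-up.
    suricata -T -c "$CONF" -v || exit 1
    # Foreground run: same as the systemd unit file minus -D, so errors are
    # printed to the terminal instead of being lost by daemonization.
    exec suricata --af-packet -c "$CONF" --pidfile "$PIDFILE"
}

# Only start Suricata when invoked as "sh suricata-pidcheck.sh run";
# sourcing the file without arguments just defines the functions.
case "${1:-}" in
    run) main ;;
esac
```

Usage: stop the service first (systemctl stop suricata), then sh suricata-pidcheck.sh run. If the script reports a live PID, the unit is still running and the PID file is not the problem; if suricata -T fails, the printed error points at the offending section of suricata.yaml.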