PRAYA
July 13, 2020, 1:17pm
1
Installed suricata-5.0.0 in Centos but unable to start the service:
[root@ip-172-31-xx-xx :suricata-5.0.0]# sudo systemctl status -l suricata
Jul 11 15:42:52 ip-172-31-xx-xx.us-east-2.compute.internal systemd[1]: Started Suricata Intrusion Detection Service.
I noticed that suricata.pid file is missing from /usr/local/var/run/.
vjulien
July 13, 2020, 1:34pm
2
What does /sbin/suricata -V give? Since the other paths are in /usr/local/ should the bin also be there?
Please make sure you use 5.0.3 btw, it fixes a large number of issues in 5.0.0.
1 Like
PRAYA
July 13, 2020, 1:36pm
3
Output is here:
[root@ip-172-31-xx-xx ~]# /sbin/suricata -V
PRAYA
July 13, 2020, 1:49pm
4
vjulien:
/usr/local/
Can i copy bin folder to /usr/local/?
Locate where the suricata binary is installed with find / -name suricata.find, execute the path with -V
1 Like
PRAYA
July 13, 2020, 1:57pm
6
Jeff_Lucovsky:
find / -name suricata
[root@ip-172-31-28-96 ~]# find / -name suricata
There’s 2 installs of suricata … one in /usr/local/ and on in the root.
Try /usr/bin/suricata -V and /usr/local/bin/suricata -V
PRAYA
July 13, 2020, 2:43pm
9
[root@ip-172-31-xx-xx ~]# /usr/bin/suricata -V
PRAYA
July 14, 2020, 6:11am
10
Hello @ [Jeff Lucovsky],
Can you please suggest me what is the next step in order to fix this issue.
Please upgrade to Suricata 5.0.3 per @vjulien ’s suggestion before trying anything else.
vjulien
July 14, 2020, 12:38pm
12
Before that please remove both existing installs to avoid conflicts and confusion later.
PRAYA
July 14, 2020, 12:39pm
13
Sure thanks! I will comeback to you once i installed 5.0.3
PRAYA
July 14, 2020, 2:40pm
14
Hello @vjulien /@Jeff_Lucovsky
I have freshly installed suricata-5.0.3: Post installation iam getting error:
[root@ip-172-31-xx-x suricata-5.0.3]# suricata -V
ish
July 14, 2020, 3:09pm
15
It looks like you installed from source? You may need to add:
ldconfig /usr/local/lib
(alter depending on what you used for --prefix).
PRAYA
July 20, 2020, 6:49am
16
Installation successfull in 5.0.3, thanks for your support.
Dear people
I see this error:
I have suricata version 4 and after some changes this happened.
How could I resolve it?
Hello there,
When you mention some changes, what kind of changes were those?
I’d like to add: if possible, it is highly recommended that you update your Suricata, as Suricata 4 hasn’t been supported for a while.
Dear Ju,
We have a power outage in data center and after that PCI NIC that was capturing traffic damaged and I switched to onboard NIC and changed the linux interface settings and suricata.yaml but cannot start suricata yet.
How can I start troubleshooting?
Thank you very much
Hello, do you see any other error output?
This is not my area of expertise, but I’d try to see if there’s any more info to understand the situation.
You could also try sharing your setup and configuration here.
And, if possible, I would highly recommend that you updated your Suricata version, as 4 hasn’t been supported for a long while…
Dear Ju
I loaded pf_ring.ko with insmod and the problem solved.
1 Like