Suricata won't start (ConditionMemory=>1500000000 was not met)

Huzz · September 5, 2023, 12:33pm

Hi guys,

I can’t get suricata to start on my raspberry pi 3.

Is there a workaround for this?

Andreas_Herz · September 5, 2023, 12:38pm

First of all 6.0.1 is very old, 6.0.13 is the current stable.

Second, how did you install Suricata and how does the systemd template look like?

Huzz · September 5, 2023, 12:44pm

Hi Andreas, thank you for your quick reply. I installed it by doing sudo apt install pirogue-base

The OS image is a Debian GNU/Linux 11 (bullseye) aarch64 which might explain why it is running an old version of Suricata?

Here’s the systemd template:

Andreas_Herz · September 5, 2023, 12:46pm

I would at least use the backports version or rather build your own, you might run into other bugs as well.

What happens if you run this manually:

/usr/bin/suricata --af-packet -c /etc/suricata/suricata.yaml

Also post your suricata.yaml and check suricata.log

Huzz · September 5, 2023, 2:33pm

Yes that command works fine. Nevermind I found the problem. There was a manual override on the memory here: /etc/systemd/system/suricata.service.d/override.conf. I deleted the file and now it works