Hi
I am running Suricata 4.1.2 from the Debian Buster repo. I have enabled unix-command in suricata.yaml:

```yaml
unix-command:
  enabled: yes
  filename: suricata-command.socket
```
I can see from build-info that
Unix socket enabled: yes
But when I start suricata no socket file is created so suricatasc command fails
suricatasc -v
Unable to connect to socket /var/run/suricata-command.socket: [Errno 2] No such file or directory
Am I missing something here?
Regards
Kashif
Can you run suricata -c suricata.yaml --dump-config|grep -e dir -e unix-command?
Hi Jeff
suricata -c /etc/suricata/suricata.yaml --dump-config | grep -e dir -e unix-
default-log-dir = /var/log/suricata/
unix-command = (null)
unix-command.enabled = yes
unix-command.filename = suricata-command.socket
Thanks
Kashif
Hello!
Welcome to our forum.
Could you please show the logs and the command you’re trying to run for launching Suricata?
Hi Shivani
I am using systemctl to start suricata
systemctl start suricata
suricata.service - Suricata IDS/IDP daemon
Loaded: loaded (/lib/systemd/system/suricata.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-08-04 15:16:02 BST; 32min ago
Docs: man:suricata(8)
man:suricatasc(8)
https://suricata-ids.org/docs/
Process: 2353 ExecStart=/usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid (code=exited, status=0/SUCCESS)
Main PID: 2389 (Suricata-Main)
Tasks: 70 (limit: 9830)
Memory: 13.8G
CGroup: /system.slice/suricata.service
`-2389 /usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid
There are no error/warning logs in /var/log/suricata/suricata.log
Thanks
Kashif
Thank you. Could you please check the logs for any lines that say Using unix socket file '/var/run/suricata/suricata-command.socket' and maybe anything following that?
Usually the sockets are not created due to permission issues but that should have a clear error in the logs. Since there are no errors, just want to figure out what is happening at the time of creation.
Hi Shivani
I found the problem. It is expecting a full path name for the unix socket file:

```yaml
filename: /var/run/suricata-command.socket
```

After providing the full path, it worked.
Thanks for your help.
Cheers
Kashif
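The fix above turned on a relative-versus-absolute path mistake that Suricata did not log. The following is an added example, not code from this thread or from the Suricata project: a small Python client that first preflights the configured socket path (not absolute, missing, or not a socket) and then performs the same exchange suricatasc does on the unix-command socket, the `{"version": "0.1"}` handshake followed by a JSON `{"command": ...}` message. To run offline it talks to a constructed stub server that stands in for Suricata; the stub's reply values (such as the uptime of 1932 seconds) are invented for the demo, and `check_socket_path`, `run_command` and `demo` are names chosen here.

```python
"""Preflight and minimal client for Suricata's unix-command socket (added example)."""
import json
import os
import socket
import stat
import tempfile
import threading

PROTOCOL_VERSION = "0.1"  # version string suricatasc sends in its opening handshake


def check_socket_path(path):
    """Preflight for unix-command.filename. Returns None if usable, else a diagnostic string."""
    if not os.path.isabs(path):
        # The thread's root cause: a bare filename produced no socket at all.
        return "not absolute: unix-command.filename needs a full path (e.g. /var/run/suricata-command.socket)"
    if not os.path.exists(path):
        return "missing: no socket at %s (is Suricata running with unix-command enabled?)" % path
    if not stat.S_ISSOCK(os.stat(path).st_mode):
        return "not a socket: %s exists but is a regular file or directory" % path
    return None


def _recv_json(sock):
    """Read until one complete JSON object has arrived (a reply may span several recv calls)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the socket")
        buf += chunk
        try:
            return json.loads(buf.decode())
        except ValueError:
            continue  # incomplete object so far; keep reading


def run_command(path, command, arguments=None):
    """Connect, do the version handshake, send one command, return the decoded reply dict."""
    problem = check_socket_path(path)
    if problem:
        raise RuntimeError(problem)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(path)
        sock.sendall(json.dumps({"version": PROTOCOL_VERSION}).encode())
        hello = _recv_json(sock)
        if hello.get("return") != "OK":
            raise RuntimeError("handshake rejected: %r" % hello)
        msg = {"command": command}
        if arguments:
            msg["arguments"] = arguments
        sock.sendall(json.dumps(msg).encode())
        return _recv_json(sock)


def _stub_server(path, ready):
    """Constructed stand-in for Suricata: answers the handshake and one command, then exits."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(path)
        srv.listen(1)
        ready.set()
        conn, _ = srv.accept()
        with conn:
            hello = _recv_json(conn)
            if hello.get("version") != PROTOCOL_VERSION:
                conn.sendall(json.dumps({"return": "NOK", "message": "unsupported version"}).encode())
                return
            conn.sendall(json.dumps({"return": "OK"}).encode())
            req = _recv_json(conn)
            if req.get("command") == "uptime":
                reply = {"return": "OK", "message": 1932}  # invented uptime for the demo
            else:
                reply = {"return": "NOK", "message": "Unknown command"}
            conn.sendall(json.dumps(reply).encode())


def demo(command="uptime"):
    """Run the client against the stub on an absolute socket path in a temp dir; return the reply."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "suricata-command.socket")  # absolute, as the thread concluded
        ready = threading.Event()
        t = threading.Thread(target=_stub_server, args=(path, ready), daemon=True)
        t.start()
        ready.wait(5)
        reply = run_command(path, command)
        t.join(5)
        return reply


if __name__ == "__main__":
    print(check_socket_path("suricata-command.socket"))  # the relative path from the first post
    print(demo())
```

Against a real Suricata, call `run_command("/var/run/suricata-command.socket", "uptime")` as the user Suricata runs as (or one with write access to the socket); a permission problem surfaces as a `PermissionError` on `connect`, while the preflight catches the configuration mistake this thread was about before any connection is attempted.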
That’s great! Please do not forget to mark your solution so that if others have the same problem in future, they know that this thread leads to a solution.