Please include the following information with your help request:
- Suricata version 6.0.10
- Operating system and/or Linux distribution Debian
- How you installed Suricata (from source, packages, something else) apt-get install suricata
Hello,
I am unable to start suricata and I cant figure out why. it highlights that I do not have eth0 however even when I add this to the suricata service I get the same error.
Any advice would be great,
Thanks!
You’re seeing that error because Debian now names NICs like enp3s0 instead of eth0.
First, find your interface:
ip link show
Note the correct name (e.g. enp3s0).
Then tell Suricata to use it: edit /etc/default/suricata (or /etc/conf.d/suricata) and set
INTERFACE="enp3s0"
If you’ve customized the systemd unit instead, edit its ExecStart to include -i enp3s0. In your suricata.yaml, under af-packet, change any interface: eth0 lines to interface: enp3s0.
Reload and restart:
systemctl daemon-reload
systemctl restart suricata
Check for errors with
journalctl -u suricata -b
suricata -T -c /etc/suricata/suricata.yaml -i enp3s0
That should get Suricata running on the right interface.