Unable to use socket

Please include the following information with your help request:

• Suricata version 7.0.5
  Debian 12 and ubuntu 22.04 LTS
  Installed suricata trought apt packages
  Everytime I try to reload rules using either suricata-update or following the tutorial here
  9.3. Rule Reloads — Suricata 8.0.0-dev documentation
  and trying the fix used here
  Suricatasc can not find /var/run/suricata-command.socket:

I always get
Unable to connect to socket /var/run/suricata/suricata-command.socket: L178: [Errno 2] No such file or directory

I have tried this in two machines both a Debian 12 and ubuntu 22.04 machine at first it looks like the reloads worked in the first days and then i just can never reload the rules unless I do a systemctl restart suricata

Interesting… for me (also using Debian 12’s Suricata package from bookworm-backports) the socket is in /var/run/suricata-command.socket – and that’s where suricatasc is also looking for by default

$ apt show suricata 2>/dev/null  | head -n 2
Package: suricata
Version: 1:7.0.5-2~bpo12+1
$ ls -Al /var/run/suricata-command.socket
srw-rw---- 1 root root 0 May 20 09:17 /var/run/suricata-command.socket
$ sudo suricatasc -c version
{"message": "7.0.5 RELEASE", "return": "OK"}

Actually when i tried following the fix in Suricatasc can not find /var/run/suricata-command.socket: i get No such file or directory

when i don’t try the fix i always get

sudo suricatasc -c version
Unable to connect to socket /var/run/suricata-command.socket: L178: [Errno 111] Connection refused

THis is what i have inside suricata.yaml

unix-command:
enabled: yes
filename: suricata-command.socket

Can you try configuring the full path in your suricata.yaml?
I.e. set filename to /var/run/suricata-command.socket (which at least seems to exist) and restart Suricata?

apparently it worked now.

I will have this running for a couple of days to see if it breaks it self again