W: af-packet: eth0: copy mode activated but no destination iface. Disabling feature

Hello, I am installing Suricata as part of a project for my cybersecurity degree and am running into struggles.

My operating system is kali-purple on Hyper-V. I installed Suricata with sudo apt install suricata. It is version 7.0.7.

I am unsure why this is happening and after researching a couple of other topics I thought that it would be working. At this point I am stuck.

suricata.service.yaml (629 Bytes)

suricata.yaml (83.9 KB)

These are the two files that I can deduce from other topics are associated with this issue. Please help…

This occurs because of the Suricata configuration in the af-packet section.

There’s an interface configuration section for eth0 and within that, copy_mode is set to ips.

In IPS mode, Suricata uses pairs of interfaces and transfers packets between those. Your configuration has a single NIC configured but Suricata expects a pairing of eth0 and another interface.

Are you using Suricata in IPS (“active”) mode? If not, comment out copy_mode and things should be better. Non-active or passive mode is also referred to as IDS mode.
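
The af-packet settings discussed in this thread, as an added example that is not part of the original posts and is not copied from the attached suricata.yaml. The keys are written as they appear in suricata.yaml (copy-mode, copy-iface); the second interface name eth1 and the cluster-id values are assumptions, and the three fragments are alternatives separated by `---`, not one file.

```yaml
# (1) Constructed fragment matching the setup the reply describes:
#     copy-mode is set on eth0 but no copy-iface names a destination,
#     which is the condition the warning in the title reports.
af-packet:
  - interface: eth0
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    copy-mode: ips
---
# (2) IDS (passive) mode on a single interface: both copy settings
#     are commented out, so Suricata only inspects and alerts.
af-packet:
  - interface: eth0
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    #copy-mode: ips
    #copy-iface: eth1
---
# (3) IPS (active) mode: two interfaces, each naming the other as its
#     copy-iface so packets are forwarded in both directions.
#     eth1 is an assumed second NIC; it must exist on the host.
af-packet:
  - interface: eth0
    cluster-id: 98
    cluster-type: cluster_flow
    defrag: no
    copy-mode: ips
    copy-iface: eth1
  - interface: eth1
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: no
    copy-mode: ips
    copy-iface: eth0
```

After editing, `suricata -T -c /etc/suricata/suricata.yaml` tests whether the configuration loads before the service is restarted; the path shown is the usual package default and may differ on your system.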