suricata failed to run

Started by Rout3rx, December 15, 2017, 06:30:34 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 15, 2017, 06:30:34 AM
hello
i have a problem with suricata, it goes dead after some days and everytime i should remove the pid from /var/run
how can i fix this problem?

Starting suricata.
15/12/2017 -- 08:57:19 - <Info> - Including configuration file installed_rules.yaml.
/usr/local/etc/rc.d/suricata: WARNING: failed to start suricata

part of log file:

Code Select
15/12/2017 -- 08:56:35 - <Notice> - This is Suricata version 4.0.1 RELEASE
15/12/2017 -- 08:56:35 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!
15/12/2017 -- 08:57:19 - <Notice> - This is Suricata version 4.0.1 RELEASE
15/12/2017 -- 08:57:19 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!
December 15, 2017, 06:32:14 AM #1
Hi Rout3rx,

We fixed this in FreeBSD recently. This should no longer happen on OPNsense 17.7.10 with Suricata 4.0.3.


Cheer,
Franco
December 15, 2017, 06:43:59 AM #2
thanks franco.
i think there is another problem else. snort rules not worked with suricata, i set the oinkcode and enable the rules but not matched even 1 rule.
thanks
December 15, 2017, 07:00:47 AM #3
There are a couple of things:

1. Some snort rules crash Suricata due to incompatibilities. You need to tweak the list.
2. It depends on which interfaces you listen to. Default is LAN, some also use WAN in tandem or exclusively.
3. (2) also depends on how your networks addresses are set up for LAN and WAN, you may need to tweak HOME_NET via the advanced configuration.
4. Test Suricata functionality with the EICAR rule.
5. IPS mode does not work on PPPoE at this point due to a technical limitation.

A few very knowledgable threads exist for these topics. We hope to improve the documentation in 2018 to consolidate and refine this knowledge into an extensive how-to or FAQ.


Cheers,
Franco
August 12, 2019, 10:47:26 AM #4
hi there please help...
i installed suricata-4.1.4 version and it says stale....and it appears in /var/run/suricata.pid is running and ...Aborting
here is sample...
13/8/2019 -- 02:33:18 - <Notice> - This is Suricata version 4.1.4 RELEASE
13/8/2019 -- 02:33:18 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!
Print
Go Up Pages1
User actions