Author Topic: suricata failed to run (Read 5871 times)

Rout3rx · « **on:** December 15, 2017, 06:30:34 am »

hello
i have a problem with suricata, it goes dead after some days and everytime i should remove the pid from /var/run
how can i fix this problem?

Starting suricata.
15/12/2017 -- 08:57:19 - <Info> - Including configuration file installed_rules.yaml.
/usr/local/etc/rc.d/suricata: WARNING: failed to start suricata

part of log file:

Code: [Select]

15/12/2017 -- 08:56:35 - <Notice> - This is Suricata version 4.0.1 RELEASE
15/12/2017 -- 08:56:35 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!
15/12/2017 -- 08:57:19 - <Notice> - This is Suricata version 4.0.1 RELEASE
15/12/2017 -- 08:57:19 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!

franco · « **Reply #1 on:** December 15, 2017, 06:32:14 am »

Hi Rout3rx,

We fixed this in FreeBSD recently. This should no longer happen on OPNsense 17.7.10 with Suricata 4.0.3.

Cheer,
Franco

Rout3rx · « **Reply #2 on:** December 15, 2017, 06:43:59 am »

thanks franco.
i think there is another problem else. snort rules not worked with suricata, i set the oinkcode and enable the rules but not matched even 1 rule.
thanks

franco · « **Reply #3 on:** December 15, 2017, 07:00:47 am »

There are a couple of things:

1. Some snort rules crash Suricata due to incompatibilities. You need to tweak the list.
2. It depends on which interfaces you listen to. Default is LAN, some also use WAN in tandem or exclusively.
3. (2) also depends on how your networks addresses are set up for LAN and WAN, you may need to tweak HOME_NET via the advanced configuration.
4. Test Suricata functionality with the EICAR rule.
5. IPS mode does not work on PPPoE at this point due to a technical limitation.

A few very knowledgable threads exist for these topics. We hope to improve the documentation in 2018 to consolidate and refine this knowledge into an extensive how-to or FAQ.

Cheers,
Franco

nuna · « **Reply #4 on:** August 12, 2019, 10:47:26 am »

hi there please help...
i installed suricata-4.1.4 version and it says stale....and it appears in /var/run/suricata.pid is running and ...Aborting
here is sample...
13/8/2019 -- 02:33:18 - <Notice> - This is Suricata version 4.1.4 RELEASE
13/8/2019 -- 02:33:18 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!

Author Topic: suricata failed to run (Read 5871 times)

Rout3rx

suricata failed to run

franco

Re: suricata failed to run

Rout3rx

Re: suricata failed to run

franco

Re: suricata failed to run

nuna

Re: suricata failed to run