Suricata Configuration

Dear Forumer,
I cannot start my suricata at boot time. I don't know how to fix it.
Code:
suricata_enable="YES"
suricata_interface="bge0"
suricata.log
Code:
6/12/2019 -- 13:33:10 - <Notice> - Signal Received.  Stopping engine.
6/12/2019 -- 13:33:12 - <Notice> - Stats for 'bge0':  pkts: 11050, drop: 0 (0.00%), invalid chksum: 0
6/12/2019 -- 13:33:12 - <Error> - [ERRCODE: SC_ERR_SYSCALL(50)] - Unable to set caps for iface "bge0": Invalid argument
Please help. Thanks.
 
This is my suricata conf:

/etc/rc.conf.d/suricata
Code:
suricata_enable=YES
suricata_netmap=NO
suricata_interface=wan
suricata_flags="-D -v"
#suricata_netmap=YES

Suricata runs for me on my WAN interface and I do have logs being generated. I am hoping to get into that more ...

The error from above:
Code:
6/12/2019 -- 13:33:12 - <Error> - [ERRCODE: SC_ERR_SYSCALL(50)] - Unable to set caps for iface "bge0": Invalid argument

seems like the reason why it is failing.

It seems like "bge0" is the right interface because it is able to collect some packets; perhaps netmap is the problem. That is the high-speed packet capture framework.
 