Suricata: [ERRCODE: SC_ERR_IPFW_SOCK(81)] - Can't create divert socket: Protocol not supported

Hello,

I am using FreeBSD 12.2. I installed Suricata package successfully. But Suricata doesn't work properly. How can I solve this problem?




Code:
[root@vmi551894 ~]# pkg info |grep -i suricata
suricata-5.0.5                 High Performance Network IDS, IPS and Security Monitoring engine
[root@vmi551894 ~]# service suricata onestart
Starting suricata.
24/3/2021 -- 22:24:35 - <Notice> - This is Suricata version 5.0.5 RELEASE running in SYSTEM mode
[root@vmi551894 ~]# cat /var/log/suricata/suricata.log
24/3/2021 -- 22:14:16 - <Notice> - This is Suricata version 5.0.5 RELEASE running in SYSTEM mode
24/3/2021 -- 22:14:16 - <Info> - CPUs/cores online: 4
24/3/2021 -- 22:14:16 - <Info> - fast output device (regular) initialized: fast.log
24/3/2021 -- 22:14:16 - <Info> - eve-log output device (regular) initialized: eve.json
24/3/2021 -- 22:14:16 - <Info> - stats output device (regular) initialized: stats.log
24/3/2021 -- 22:14:16 - <Info> - Running in live mode, activating unix socket
24/3/2021 -- 22:14:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/suricata.rules
24/3/2021 -- 22:14:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
24/3/2021 -- 22:14:16 - <Info> - Threshold config parsed: 0 rule(s) found
24/3/2021 -- 22:14:16 - <Info> - 0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only
24/3/2021 -- 22:14:16 - <Error> - [ERRCODE: SC_ERR_IPFW_SOCK(81)] - Can't create divert socket: Protocol not supported
24/3/2021 -- 22:14:16 - <Info> - Running in live mode, activating unix socket
24/3/2021 -- 22:14:16 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
24/3/2021 -- 22:14:16 - <Info> - Created socket directory /var/run/suricata/
24/3/2021 -- 22:14:16 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX-8000" failed to initialize: flags 0145
24/3/2021 -- 22:14:16 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
 
I used Google - did you follow all the steps e.g. https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-install-suricata-on-freebsd/

Did you follow any post-install messages (if there were any)?

What steps have you tried so far?

I don't use Suricata so don't have answers, but looks like there's a lot on the internet about FreeBSD and this program, so might be worth having a look at what's out there (but don't blindly follow instructions - see if there's anything that makes sense e.g. the changes to /etc/rc.conf).
 