Timothy M Butterworth wrote:
> Is anyone else having problems getting suricata to start?
>
> Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Scheduled
> restart job, restart counter is at 5.
> Mar 10 13:43:33 debian-testing systemd[1]: Stopped suricata.service -
> Suricata IDS/IDP daemon.
> Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Start request
> repeated too quickly.
> Mar 10 13:43:33 debian-testing systemd[1]: suricata.service: Failed with
> result 'exit-code'.
> Mar 10 13:43:33 debian-testing systemd[1]: Failed to start suricata.service
> - Suricata IDS/IDP daemon.

What happens when you run the daemon by hand?

-dsr-

suricata -c /etc/suricata/suricata.yaml -s signatures.rules -i wlo1
Error opening file /var/log/suricata//suricata.log
10/3/2023 -- 16:08:51 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
10/3/2023 -- 16:08:51 - <Error> - [ERRCODE: SC_ERR_LOGDIR_CONFIG(116)] - The logging directory "/var/log/suricata/" supplied by /etc/suricata/suricata.yaml (default-log-dir) is not writable. Shutting down the engine

I adjusted the permissions on the logging directory: sudo chmod -R 774 /etc/suricata/ and sudo chmod -R 774 /var/log/suricata/

It now starts.

10/3/2023 -- 16:15:16 - <Notice> - This is Suricata version 6.0.10 RELEASE running in SYSTEM mode
10/3/2023 -- 16:15:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/suricata.rules
10/3/2023 -- 16:15:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern signatures.rules
10/3/2023 -- 16:15:16 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 2 rule files specified, but no rules were loaded!
10/3/2023 -- 16:15:16 - <Notice> - all 8 packet processing threads, 4 management threads initialized, engine started.

Thanks,
Tim
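
A preflight for the two conditions reported in the output above (SC_ERR_LOGDIR_CONFIG and SC_ERR_NO_RULES), added here as an example and not part of the original thread or of Suricata itself. The function names are hypothetical, and the log directory and rule patterns are passed as arguments rather than read from suricata.yaml.

```shell
#!/bin/sh
# Preflight for the two startup problems shown in this thread:
#   SC_ERR_LOGDIR_CONFIG -> log directory not writable by the invoking user
#   SC_ERR_NO_RULES      -> a rule-file pattern matches no readable file
# Run it as the account the daemon runs under, e.g. with the thread's paths:
#   suricata_preflight /var/log/suricata \
#       /etc/suricata/rules/suricata.rules signatures.rules

# check_log_dir DIR: print a finding; return 1 if DIR cannot take log files.
check_log_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "FAIL log-dir: $dir does not exist"; return 1
    fi
    # Creating files needs write and search (execute) on the directory.
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "FAIL log-dir: $dir not writable by $(id -un)"; return 1
    fi
    echo "OK   log-dir: $dir"
}

# check_rule_pattern PATTERN: PATTERN may contain shell globs.
# Limitation of this sketch: paths containing whitespace are not handled.
check_rule_pattern() {
    pattern=$1
    matched=0
    for f in $pattern; do   # unquoted on purpose so the glob expands
        if [ -f "$f" ] && [ -r "$f" ]; then matched=$((matched + 1)); fi
    done
    if [ "$matched" -eq 0 ]; then
        echo "FAIL rules: no readable file matches $pattern"; return 1
    fi
    echo "OK   rules: $matched file(s) match $pattern"
}

# suricata_preflight LOGDIR PATTERN...: return the number of failed checks.
suricata_preflight() {
    failures=0
    check_log_dir "$1" || failures=$((failures + 1))
    shift
    for p in "$@"; do
        check_rule_pattern "$p" || failures=$((failures + 1))
    done
    return "$failures"
}
```

A relative pattern such as signatures.rules is resolved against the current directory here, so run the check from the directory the daemon would be started in.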