SELKS

Af-packet warning during startup (suricata)

Open StoryPo opened this issue 5 years ago • 0 comments

During startup with the command suricata -c /etc/suricata/suricata.yaml --af-packet, the following can be observed:

    [15819] 7/4/2020 - 08.17.39 - (source-af-packet.c: 1426) <Warning> (AFPsynchronizeStart) - [ERRCODE: SC_ERR_AFP_READ (191)] poll failed with retval -1

How critical is this? Does this require a decision on my part? How critical are the other errors in the screenshot?

Part of the config:

    # Linux high speed capture support
    af-packet:
      - interface: ens1f0
        threads: 24
        defrag: yes
        cluster-type: cluster_ebpf
        ebpf-lb-file: /etc/suricata/ebpf/lb.bpf
        cluster-id: 98
        copy-mode: ips
        copy-iface: ens1f1
        buffer-size: 64535
        use-mmap: yes
        ring-size: 100000
      - interface: ens1f1
        threads: 24
        cluster-id: 97
        defrag: yes
        cluster-type: cluster_ebpf
        ebpf-lb-file: /etc/suricata/ebpf/lb.bpf
        copy-mode: ips
        copy-iface: ens1f0
        buffer-size: 64535
        ring-size: 100000
        use-mmap: yes

StoryPo, Apr 07 '20 21:04