Peter Manev
Is there an error towards the end of the suricata.log ?
Can you try the following: `rm /var/run/suricata.pid`, then restart the suricata service (`systemctl restart suricata`).
What does this command return: `ps -aux | grep suricata`?
So there is no suricata running, but the pid deletion did not succeed, it seems - did you use `sudo`? Can you try: ``` sudo rm /var/run/suricata.pid sudo...
The error seems different this time - related to the sniffing interface possibly. Can you please share the output of `tail -20 /var/log/suricata/suricata.log` in text and upload here, if ok...
Have you done any config changes ?
Thanks, I mean in terms of the suricata.yaml config ?
OK, interesting. It is complaining that the block size is not as expected ``` [1535] 30/1/2022 -- 08:40:52 - (source-af-packet.c:1783) (AFPComputeRingParamsV3) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Block size is too...
I think you just need to export the ES data and then import it to the new instance - or take and restore a backup.
Which Scirius version is that ?