Suricata won't start on a new SG-3100 with default settings
-
I just bought a new SG-3100 from Netgate. I went thought the setup wizard and after that installed the Suricata package. I enabled the ET Open rules and enabled the rules, and tried to start the Suricata WAN interface. It spins for about 3 seconds and doesn't start.
I checked the Suricata logs and there's nothing in there.
In my lab testing on a Mac Mini, I wasn't able start Suricata on it due to too many cores (8), so I had to bump up memory settings on the interface. Since this SG-3100 only has 2 cores, I wouldn't suspect that is the issue.
I assumed that a popular package like Suricata would just work on official Netgate hardware with default configs, so I'm not sure what's going on or what to check next.
Appreciate any suggestions on how I might resolve this issue.
Thank you.
-
Check the main System log for any errors there. It should not require any special configuration to start on the SG-3100.
Are there any logs in /var/log/suricata/?
Steve
-
Try to start Suricata from the GUI. If it fails, then click on the LOGS VIEW tab and then select the
suricata.logfile in the drop-down for which log to view. Read through that log, or post its contents here for assistance. There should be an error in that log file describing the problem. Suricata is pretty good about letting you know what it does not like.In the rare event that log is totally empty, then the next possibility is that the Suricata installation itself is corrupt or failed to complete. You can either try deleting the package and installing it again (you won't lose your current settings), or you can try this at a shell prompt to be sure Suricata can actually run:
suricata -VThat should print out some version information and exit. If it prints any error message, then you will know what's up. But run this command only after checking the
suricata.logfile that I mentioned previously.
