4. Suricata failing to start interface

Suricata failing to start interface

  • W

    So I've been using a youtube video made by "Lawrence Systems" to set up Suricata initially before fine tuning anything. But after trying to start the interface it runs into this issue. The system has 24 GB of RAM and I honestly don't understand the error message so that brings me here to see if someone can explain what it is getting caught on.

    0_1547410420494_d3aea7ec-78ab-4ba8-b174-5b41270309a4-image.png

    0 1 Reply

  • @wafflez19
    Go to the FLOW/STREAM tab and start increasing the TCP Stream Flow Memcap setting. The default is 32 MB (if I recall correctly), but with high core-count processors the default value may need doubling or even quadrupling in order for Suricata to start. The default value works fine on dual and quad-core processors, but higher core counts need much more Stream Memory. In your case, witih 16 cores, I would start with 256 MB and go up from there until Suricata starts reliably.

    Search this sub-forum for the same error (stream memcap) and you should find posts similar to yours with the solution. One of the posts in the past included the formula to use for calculating the amount of required memory based on your CPU core count.

    1
suricata 9
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy