4. Suricata failing to start interface

Suricata failing to start interface

  • W

    So I've been using a youtube video made by "Lawrence Systems" to set up Suricata initially before fine tuning anything. But after trying to start the interface it runs into this issue. The system has 24 GB of RAM and I honestly don't understand the error message so that brings me here to see if someone can explain what it is getting caught on.

    0_1547410420494_d3aea7ec-78ab-4ba8-b174-5b41270309a4-image.png

    0 1 Reply

  • @wafflez19
    Go to the FLOW/STREAM tab and start increasing the TCP Stream Flow Memcap setting. The default is 32 MB (if I recall correctly), but with high core-count processors the default value may need doubling or even quadrupling in order for Suricata to start. The default value works fine on dual and quad-core processors, but higher core counts need much more Stream Memory. In your case, witih 16 cores, I would start with 256 MB and go up from there until Suricata starts reliably.

    Search this sub-forum for the same error (stream memcap) and you should find posts similar to yours with the solution. One of the posts in the past included the formula to use for calculating the amount of required memory based on your CPU core count.

    1
suricata 3
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy