Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata failing to start interface

    Scheduled Pinned Locked Moved IDS/IPS
    suricata
    2 Posts 2 Posters 859 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      Wafflez19
      last edited by

      So I've been using a youtube video made by "Lawrence Systems" to set up Suricata initially before fine tuning anything. But after trying to start the interface it runs into this issue. The system has 24 GB of RAM and I honestly don't understand the error message so that brings me here to see if someone can explain what it is getting caught on.

      0_1547410420494_d3aea7ec-78ab-4ba8-b174-5b41270309a4-image.png

      bmeeksB 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks @Wafflez19
        last edited by bmeeks

        @wafflez19
        Go to the FLOW/STREAM tab and start increasing the TCP Stream Flow Memcap setting. The default is 32 MB (if I recall correctly), but with high core-count processors the default value may need doubling or even quadrupling in order for Suricata to start. The default value works fine on dual and quad-core processors, but higher core counts need much more Stream Memory. In your case, witih 16 cores, I would start with 256 MB and go up from there until Suricata starts reliably.

        Search this sub-forum for the same error (stream memcap) and you should find posts similar to yours with the solution. One of the posts in the past included the formula to use for calculating the amount of required memory based on your CPU core count.

        1 Reply Last reply Reply Quote 1
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.