Bug #1496

closed

confusing logging error message

Added by god lol over 9 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

When starting Suricata in lxc on one of my servers I got the following error:

<Error> - [ERRCODE: SC_ERR_MISSING_CONFIG_PARAM(118)] - NO logging compatible with daemon mode selected, suricata won't be able to log. Please update 'logging.outputs' in the YAML.
<Notice> - This is Suricata version 2.1beta4 RELEASE

It is especially confusing because on another server the same configuration works just fine.

/etc/default/suricata:
RUN=yes
RUN_AS_USER=
SURCONF=/etc/suricata/suricata.yaml
LISTENMODE=af-packet
IFACE=eth0
NFQUEUE=0
TCMALLOC="YES"
PIDFILE=/run/suricata.pid

/etc/suricata/suricata.yaml:
outputs:

  # a line based alerts log similar to Snort's fast.log
  - fast:
      enabled: yes
      filename: fast.log
      append: yes
      #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
  # Extensible Event Format (nicknamed EVE) event log in JSON format
  - eve-log:
      enabled: yes

Where can I read more about logging compatibility with daemon mode (and why it's related in the first place?)
