


suricata: symbol lookup error: suricata: undefined symbol: pfring_open

Added by ido rosner about 11 years ago


I'm running Suricata on Ubuntu 12.10 64-bit with pf_ring. After installing the "python-dev" package, I can't start Suricata.

This is the command that I used to run:
suricata --pfring-int=eth1 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml -D

This is the output:
[29488] 9/7/2013 -- 16:28:55 - (suricata.c:1285) <Info> (main) -- This is Suricata version 2.0dev (rev 71c22dd)
[29488] 9/7/2013 -- 16:28:55 - (util-cpu.c:166) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 2
[29488] 9/7/2013 -- 16:28:55 - (util-ioctl.c:91) <Info> (GetIfaceMTU) -- Found an MTU of 1500 for 'eth1'
[29488] 9/7/2013 -- 16:28:55 - (defrag-hash.c:203) <Info> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
[29488] 9/7/2013 -- 16:28:55 - (defrag-hash.c:228) <Info> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 144
[29488] 9/7/2013 -- 16:28:55 - (defrag-hash.c:235) <Info> (DefragInitConfig) -- defrag memory usage: 13107056 bytes, maximum: 33554432
[29488] 9/7/2013 -- 16:28:55 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow load balancer
[29488] 9/7/2013 -- 16:28:55 - (tmqh-packetpool.c:130) <Info> (PacketPoolInit) -- preallocated 1024 packets. Total memory 4362240
[29488] 9/7/2013 -- 16:28:55 - (host.c:204) <Info> (HostInitConfig) -- allocated 229376 bytes of memory for the host hash... 4096 buckets of size 56
[29488] 9/7/2013 -- 16:28:55 - (host.c:227) <Info> (HostInitConfig) -- preallocated 1000 hosts of size 120
[29488] 9/7/2013 -- 16:28:55 - (host.c:229) <Info> (HostInitConfig) -- host memory usage: 349376 bytes, maximum: 16777216
[29488] 9/7/2013 -- 16:28:55 - (flow.c:412) <Info> (FlowInitConfig) -- allocated 3670016 bytes of memory for the flow hash... 65536 buckets of size 56
[29488] 9/7/2013 -- 16:28:55 - (flow.c:436) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 272
[29488] 9/7/2013 -- 16:28:55 - (flow.c:438) <Info> (FlowInitConfig) -- flow memory usage: 6390016 bytes, maximum: 33554432
[29488] 9/7/2013 -- 16:28:55 - (reputation.c:442) <Info> (SRepInit) -- IP reputation disabled
[29488] 9/7/2013 -- 16:28:55 - (util-magic.c:61) <Info> (MagicInit) -- using magic-file /usr/share/file/magic
[29488] 9/7/2013 -- 16:28:55 - (suricata.c:1875) <Info> (main) -- Delayed detect disabled
[29488] 9/7/2013 -- 16:28:56 - (detect.c:454) <Info> (SigLoadSignatures) -- 18 rule files processed. 3949 rules successfully loaded, 0 rules failed
[29488] 9/7/2013 -- 16:28:57 - (detect.c:2662) <Info> (SigAddressPrepareStage1) -- 3949 signatures processed. 732 are IP-only rules, 1033 are inspecting packet payload, 2511 inspect application layer, 0 are decoder event only
[29488] 9/7/2013 -- 16:28:57 - (detect.c:2665) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
[29488] 9/7/2013 -- 16:28:57 - (detect.c:3291) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... complete
[29488] 9/7/2013 -- 16:28:57 - (detect.c:3951) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... complete
[29488] 9/7/2013 -- 16:28:57 - (util-threshold-config.c:983) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found
[29488] 9/7/2013 -- 16:28:57 - (util-coredump-config.c:122) <Info> (CoredumpLoadConfig) -- Core dump size set to unlimited.
[29488] 9/7/2013 -- 16:28:57 - (util-logopenfile.c:169) <Info> (SCConfLogOpenGeneric) -- fast output device (regular) initialized: fast.log
[29488] 9/7/2013 -- 16:28:57 - (alert-unified2-alert.c:1043) <Info> (Unified2AlertInitCtx) -- Unified2-alert initialized: filename unified2.alert, limit 32 MB
[29488] 9/7/2013 -- 16:28:57 - (util-logopenfile.c:169) <Info> (SCConfLogOpenGeneric) -- tls-log output device (regular) initialized: tls.log
[29488] 9/7/2013 -- 16:28:57 - (alert-pcapinfo.c:195) <Info> (AlertPcapInfoInitCtx) -- Fast log output initialized, filename: alert-pcapinfo.log
[29488] 9/7/2013 -- 16:28:57 - (util-logopenfile.c:169) <Info> (SCConfLogOpenGeneric) -- alert-debug output device (regular) initialized: alert-debug.log
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "management-cpu-set"
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "receive-cpu-set"
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "decode-cpu-set"
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "stream-cpu-set"
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "detect-cpu-set"
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:163) <Error> (build_cpuset) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - detect-cpu-set: upper bound (2) of cpu set is too high, only 2 cpu(s)
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:265) <Info> (AffinitySetupLoadFromConfig) -- Using default prio 'medium'
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "verdict-cpu-set"
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:265) <Info> (AffinitySetupLoadFromConfig) -- Using default prio 'high'
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "reject-cpu-set"
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:265) <Info> (AffinitySetupLoadFromConfig) -- Using default prio 'low'
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "output-cpu-set"
[29488] 9/7/2013 -- 16:28:57 - (util-affinity.c:265) <Info> (AffinitySetupLoadFromConfig) -- Using default prio 'medium'
[29488] 9/7/2013 -- 16:28:57 - (runmode-pfring.c:324) <Info> (ParsePfringConfig) -- Using flow cluster mode for PF_RING (iface eth1)
[29488] 9/7/2013 -- 16:28:57 - (util-runmodes.c:441) <Info> (RunModeSetLiveCaptureAutoFp) -- Going to use 2 ReceivePfring receive thread(s)
[29489] 9/7/2013 -- 16:28:57 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 0
[29489] 9/7/2013 -- 16:28:57 - (tm-threads.c:1308) <Info> (TmThreadSetupOptions) -- Setting prio 0 for "RxPFR1" Module to cpu/core 0, thread id 29489
suricata: symbol lookup error: suricata: undefined symbol: pfring_open

I tried to reinstall Suricata and nothing changed.

Can anyone help?

Replies (1)

RE: suricata: symbol lookup error: suricata: undefined symbol: pfring_open - Added by Toshi MARUYAMA about 11 years ago

It seems you posted to the wrong forum.
