| Git Clone URL: | https://aur.archlinux.org/suricata.git (read-only, click to copy) |
|---|---|
| Package Base: | suricata |
| Description: | A high performance Network IDS, IPS and Network Security Monitoring engine |
| Upstream URL: | https://suricata.io/ |
| Licenses: | GPL2 |
| Conflicts: | suricata-nfqueue |
| Submitter: | Dragonlord |
| Maintainer: | jskier (amish) |
| Last Packager: | jskier |
| Votes: | 33 |
| Popularity: | 0.016722 |
| First Submitted: | 2010-01-03 21:02 (UTC) |
| Last Updated: | 2025-11-27 04:06 (UTC) |
Pushing 7 latest stable for now, working on getting 8 compiling. I will rework and fork the package to keep 7 going alongside 8, as that is what the suricata team is doing.
If you are interested in co-maintaining and helping with 8 and the fork, please reach out to me - help is always welcome.
Hi, seems like libunwind and libbpf are missing as dependencies, as configuration yields the following error:
checking for unw_backtrace in -lunwind... no
libunwind library and development headers not found
stacktrace on unexpected termination due to signal not possible
checking for elf_begin in -lelf... (cached) yes
checking for bpf_object__open in -lbpf... no
libbpf library and development headers not found but
needed to use eBPF code. It can be found at
https://github.com/libbpf/libbpf
Hi jskier,
Assuming a search key-id to your name, which one is in use for the package? I'd like to only grab the one I need.
@stimunix, read this: https://wiki.archlinux.org/title/GnuPG#Searching_and_receiving_keys
Hello, I tried to install the package, however I got the following error.
==> Verifying source file signatures with gpg...
suricata-6.0.10.tar.gz ... FAILED (unknown public key 2BA9C98CCDF1E93A)
==> ERROR: One or more PGP signatures could not be verified!
In what way does this package 'conflicts' with rustup!?
@k96hkh, interesting, I was able to replicate this. The run-as config delegates the daemon to the suricata user / group, which is a problem because I believe this fast.log is set to root permissions.
I'll try to think of a solution for this beyond removing run-as from config. If I run suricata-update as suricata user, that error goes away, but it causes this CAP permission error. I have updated the forum posting you referenced for help on this.
Hello, have run into a small issue with the suricata-update. It appears to work fine as long there are no updates but if there are the update fails at "suricata -T" when the suricata-update.service is triggered by the timer. Same result if I run the service directly or "sudo suricata-update" as instructed in the Suricata user guide
31/12/2022 -- 10:50:53 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 39969; enabled: 32203; added: 65; removed 2; modified: 1296
31/12/2022 -- 10:50:54 - <Info> -- Writing /var/lib/suricata/rules/classification.config
31/12/2022 -- 10:50:54 - <Info> -- Testing with suricata -T.
31/12/2022 -- 10:50:54 - <Error> -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/tmp/tmpbn4c1yr0/fast.log": Permission denied
31/12/2022 -- 10:50:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - output module "fast": setup failed
31/12/2022 -- 10:50:54 - <Error> -- Suricata test failed, aborting.
31/12/2022 -- 10:50:54 - <Error> -- Restoring previous rules.
I found this on the suricata forum https://forum.suricata.io/t/suricata-update-errcode-when-suricata-t-runs/1083. And if I comment out the "run as" I get this result.
31/12/2022 -- 13:50:17 - <Info> -- Backing up current rules.
31/12/2022 -- 13:50:22 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 39969; enabled: 32203; added: 65; removed 2; modified: 1296
31/12/2022 -- 13:50:23 - <Info> -- Writing /var/lib/suricata/rules/classification.config
31/12/2022 -- 13:50:23 - <Info> -- Testing with suricata -T.
31/12/2022 -- 13:51:01 - <Info> -- Done.
Can't figure out where the ownership falls between the chairs.
It looks like ebpf code was cleaned up in 7 dev branch, based upon testing. I will probably take this package to v7 once stable, however, I did request that the upstream devs backport the fix to 6.x, if it continues.
Hi @jskier, builds fine now, thanks!
Pinned Comments
jskier commented on 2025-10-24 17:05 (UTC)
Pushing 7 latest stable for now, working on getting 8 compiling. I will rework and fork the package to keep 7 going alongside 8, as that is what the suricata team is doing.
If you are interested in co-maintaining and helping with 8 and the fork, please reach out to me - help is always welcome.