| Git Clone URL: | https://aur.archlinux.org/suricata.git (read-only, click to copy) |
|---|---|
| Package Base: | suricata |
| Description: | A high performance Network IDS, IPS and Network Security Monitoring engine, Vectorscan instead of hyperscan |
| Upstream URL: | https://suricata.io/ |
| Licenses: | GPL2 |
| Conflicts: | suricata-nfqueue |
| Submitter: | Dragonlord |
| Maintainer: | jskier (amish) |
| Last Packager: | jskier |
| Votes: | 33 |
| Popularity: | 0.000514 |
| First Submitted: | 2010-01-03 21:02 (UTC) |
| Last Updated: | 2026-03-29 00:11 (UTC) |
@jasonish great idea! I ran a test of this over the weekend. Also note the issue with hyperscan installed going forward (needs to be removed without consideration for the previous suricata dependency). Thank you.
I have not forgotten about the v7 fork. I have had some health issues lately that need to be addressed. Likewise, I anticipate I'll be able to do the work in AUR this summer.
Any thoughts on depending on Vectorscan instead of Hyperscan. Its been updated more recently.
Pushing 7 latest stable for now, working on getting 8 compiling. I will rework and fork the package to keep 7 going alongside 8, as that is what the suricata team is doing.
If you are interested in co-maintaining and helping with 8 and the fork, please reach out to me - help is always welcome.
Hi, seems like libunwind and libbpf are missing as dependencies, as configuration yields the following error:
checking for unw_backtrace in -lunwind... no
libunwind library and development headers not found
stacktrace on unexpected termination due to signal not possible
checking for elf_begin in -lelf... (cached) yes
checking for bpf_object__open in -lbpf... no
libbpf library and development headers not found but
needed to use eBPF code. It can be found at
https://github.com/libbpf/libbpf
Hi jskier,
Assuming a search key-id to your name, which one is in use for the package? I'd like to only grab the one I need.
@stimunix, read this: https://wiki.archlinux.org/title/GnuPG#Searching_and_receiving_keys
Hello, I tried to install the package, however I got the following error.
==> Verifying source file signatures with gpg...
suricata-6.0.10.tar.gz ... FAILED (unknown public key 2BA9C98CCDF1E93A)
==> ERROR: One or more PGP signatures could not be verified!
In what way does this package 'conflicts' with rustup!?
@k96hkh, interesting, I was able to replicate this. The run-as config delegates the daemon to the suricata user / group, which is a problem because I believe this fast.log is set to root permissions.
I'll try to think of a solution for this beyond removing run-as from config. If I run suricata-update as suricata user, that error goes away, but it causes this CAP permission error. I have updated the forum posting you referenced for help on this.
Hello, have run into a small issue with the suricata-update. It appears to work fine as long there are no updates but if there are the update fails at "suricata -T" when the suricata-update.service is triggered by the timer. Same result if I run the service directly or "sudo suricata-update" as instructed in the Suricata user guide
31/12/2022 -- 10:50:53 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 39969; enabled: 32203; added: 65; removed 2; modified: 1296
31/12/2022 -- 10:50:54 - <Info> -- Writing /var/lib/suricata/rules/classification.config
31/12/2022 -- 10:50:54 - <Info> -- Testing with suricata -T.
31/12/2022 -- 10:50:54 - <Error> -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/tmp/tmpbn4c1yr0/fast.log": Permission denied
31/12/2022 -- 10:50:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - output module "fast": setup failed
31/12/2022 -- 10:50:54 - <Error> -- Suricata test failed, aborting.
31/12/2022 -- 10:50:54 - <Error> -- Restoring previous rules.
I found this on the suricata forum https://forum.suricata.io/t/suricata-update-errcode-when-suricata-t-runs/1083. And if I comment out the "run as" I get this result.
31/12/2022 -- 13:50:17 - <Info> -- Backing up current rules.
31/12/2022 -- 13:50:22 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 39969; enabled: 32203; added: 65; removed 2; modified: 1296
31/12/2022 -- 13:50:23 - <Info> -- Writing /var/lib/suricata/rules/classification.config
31/12/2022 -- 13:50:23 - <Info> -- Testing with suricata -T.
31/12/2022 -- 13:51:01 - <Info> -- Done.
Can't figure out where the ownership falls between the chairs.
Pinned Comments
jskier commented on 2025-10-24 17:05 (UTC)
Pushing 7 latest stable for now, working on getting 8 compiling. I will rework and fork the package to keep 7 going alongside 8, as that is what the suricata team is doing.
If you are interested in co-maintaining and helping with 8 and the fork, please reach out to me - help is always welcome.