kevoreilly / CAPEv2

Malware Configuration And Payload Extraction
https://capesandbox.com/analysis/

The PCAP file does not exist #1249

Closed Loky85 closed 1 year ago

Loky85 commented 1 year ago

About accounts on capesandbox.com

This is open source and you are getting free support so be friendly!

Prerequisites

Please answer the following questions for yourself before submitting an issue.

✔ I did read the README!
✔ I checked the documentation and found no answer
✔ I checked to make sure that this issue has not already been filed
✔ I'm reporting the issue to the correct repository (for multi-repository projects)
✔ I have read and checked all configs (with all optional parts)

Expected Behavior

I expect there to be no errors within the logs.

Current Behavior

What is the current behavior?

I have a problem with starting suricata and with the pcap file. I followed similar errors, but I did not manage to solve it, and I need help to resolve the issue.

Please provide detailed steps for reproducing the issue.

  1. step 1
  2. step 2
  3. you get it...

Context

022-11-16 23:05:09,272 [Task 45] [modules.processing.behavior] INFO: Analysis results folder does not contain any file or injection was disabled
2022-11-16 23:05:09,279 [Task 45] [modules.processing.network] WARNING: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/45/dump.pcap"
2022-11-16 23:05:09,280 [Task 45] [modules.processing.suricata] WARNING: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/45/dump.pcap does not exist

| Question | Answer |
|---|---|
| Git commit | Type $ git log \| head -n1 to find out |
| OS version | Ubuntu 20.04 |

Failure Logs

022-11-16 23:05:09,272 [Task 45] [modules.processing.behavior] INFO: Analysis results folder does not contain any file or injection was disabled
2022-11-16 23:05:09,279 [Task 45] [modules.processing.network] WARNING: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/45/dump.pcap"
2022-11-16 23:05:09,280 [Task 45] [modules.processing.suricata] WARNING: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/45/dump.pcap does not exist

github-actions[bot] commented 1 year ago

@Loky85: hello! :wave:

This issue is being automatically closed because it does not follow the issue template.

This is an open source project! So please appreciate the time that we sacrifice from other things that we could enjoy, instead of asking boring things over and over.

doomedraven commented 1 year ago

if you don't route your traffic over a live connection there is pcap

Loky85 commented 1 year ago

I solved the pcap problem, but suricata does not start, I get the following error:

2022-11-23 07:17:50,359 [Task 48] [modules.processing.suricata] WARNING: Failed to connect to socket and send command /tmp/suricata-command.socket: [Errno 13] Permission denied

CrimsonGlory commented 1 year ago

@Loky85 were you able to fix the suricata permission error?

fjycomes commented 6 months ago

> I solved the pcap problem, but suricata does not start, I get the following error:
>
> 2022-11-23 07:17:50,359 [Task 48] [modules.processing.suricata] WARNING: Failed to connect to socket and send command /tmp/suricata-command.socket: [Errno 13] Permission denied

May I ask how it was resolved?

doomedraven commented 6 months ago

do you guys have pcap enabled in routing.conf? if route is Drop/none there is no pcap generation

fjycomes commented 6 months ago

> do you guys have pcap enabled in routing.conf? if route is Drop/none there is no pcap generation

routing.conf.txt I have mine set up like a file (changed the suffix for a successful upload)

doomedraven commented 6 months ago

your config does match cape's config, this is missing just after [routing], you can add it and set it to yes, then sudo systemctl restart cape

# Enable pcap generation for non live connections?
# If you have huge number of VMs, pcap generation can be a bottleneck
enable_pcap = no
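
A pre-flight check for the two warnings discussed in this thread, added here as an example; it is not part of the thread or of CAPE's code. It models the rule as stated above (a Drop/none route produces a pcap only when `enable_pcap` is set to yes) and assumes the default route is the `route` key of `[routing]`; the function names and the sample config are constructed.

```python
import configparser
import os
import stat
import sys

SOCKET = "/tmp/suricata-command.socket"  # path from the warning in the thread
SAMPLE = "[routing]\nroute = none\n"     # constructed: enable_pcap is absent

def pcap_expected(conf_text):
    """Return (expected, reason) following the rule stated in the thread."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    if not cp.has_section("routing"):
        return False, "no [routing] section"
    # Assumption: the default route lives in the `route` key of [routing].
    route = cp.get("routing", "route", fallback="none").strip().lower()
    if route not in ("none", "drop"):
        return True, "live route: " + route
    if not cp.has_option("routing", "enable_pcap"):
        return False, "enable_pcap missing from [routing]"
    if cp.getboolean("routing", "enable_pcap"):
        return True, "enable_pcap = yes"
    return False, "enable_pcap = no with route " + route

def can_connect(mode, owner_uid, owner_gid, uid, gids):
    """On Linux, connect() to a Unix socket needs write permission on its file."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

if __name__ == "__main__":
    # Pass the path to your routing.conf; without it the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("pcap expected:", *pcap_expected(text))
    try:
        st = os.stat(SOCKET)
        ok = can_connect(st.st_mode, st.st_uid, st.st_gid,
                         os.geteuid(), os.getgroups() + [os.getegid()])
        print(SOCKET, stat.filemode(st.st_mode),
              "connect allowed" if ok else "connect denied (Errno 13)")
    except FileNotFoundError:
        print(SOCKET, "does not exist")
```

Run it as the user that runs the CAPE processing service, since the socket check is evaluated against the calling user's uid and groups.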