3

I have just installed Suricata 2.0.3 RELEASE on CentOS 6.5. I try running it with

    sudo suricata -c /etc/suricata/suricata.yaml -i eth0

and get the following warning

<Warning> - [ERRCODE: SC_ERR_NOT_SUPPORTED(225)] - Eve-log support not compiled in. Reconfigure/recompile with libjansson and its development files installed to add eve-log support.

I compiled and installed Jansson as outlined here and then rebuilt Suricata as follows.

    sudo make
    sudo make install
    sudo make install-full

and everything proceeded without any errors. However, I still get the SC_ERR_NOT_SUPPORTED warning. I did a search for the error message and found a link that said it was a known issue that won't be fixed due to an issue with the Jansson library. Is this the case? If so, can I disable this warning?

OtagoHarbour

2 Answers

0

I was running into the same issue on my Ubuntu box; here's what I did to get rid of it.

  1. Go install the libjansson 2.7 library. You can find it here.

  2. Run these commands to recompile with the new libjansson library.

    ./configure <whatever flags you had before> --with-libjansson-libraries=/path/to/lib/dir --with-libjansson-includes=/path/to/include/dir
    make
    sudo make install
    
  3. Run suricata to make sure the warning went away.

    sudo suricata -c /etc/suricata/suricata.yaml -i <interface>
    
0

I ran into the same problem on CentOS 7.

Install package:

    yum install jansson

Then I ran the configure script as below:

    ./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --with-libjansson-libraries=/usr/lib64 --with-libjansson-includes=/usr/include <some other flags>

I am using a 64-bit machine, which is why it's /usr/lib64; otherwise it should be /usr/lib.

Compile the code:

    make
    make install-full

Run suricata:

    LD_LIBRARY_PATH=/usr/lib /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

eth0 is the interface (device) name here.
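
One way to confirm that a reconfigure and rebuild like the ones in the answers above actually took effect, as an added example that is not part of the original posts: it checks every `suricata` binary on `PATH` for libjansson support and linkage. The function names are made up for this sketch, and it assumes `suricata --build-info` prints a `libjansson support:` line.

```shell
#!/bin/sh
# Added example (not from the original posts). Function names are made up here.
# Assumption: `suricata --build-info` prints a "libjansson support:" line.

# Read --build-info text on stdin and print yes, no, or unknown.
jansson_support() {
    awk -F: '
        tolower($1) ~ /libjansson support/ {
            gsub(/[ \t\r]/, "", $2); print tolower($2); found = 1; exit
        }
        END { if (!found) print "unknown" }'
}

# Print every executable file named suricata on a PATH-style string ($1).
# More than one hit usually means an older build in another prefix is still
# installed and may be the one the shell (or sudo) actually runs.
suricata_binaries() {
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        if [ -f "$dir/suricata" ] && [ -x "$dir/suricata" ]; then
            printf '%s\n' "$dir/suricata"
        fi
    done
    IFS=$old_ifs
}

# For each binary found: the build-info verdict and whether the dynamic
# linker resolves libjansson to a file for it.
check_all() {
    suricata_binaries "$PATH" | while read -r bin; do
        verdict=$("$bin" --build-info 2>/dev/null | jansson_support)
        if ldd "$bin" 2>/dev/null | grep -q 'libjansson.*=> /'; then linked=yes; else linked=no; fi
        printf '%s: build-info=%s linked=%s\n' "$bin" "$verdict" "$linked"
    done
}

# Constructed sample of the relevant build-info lines, so the parser can be
# exercised on a machine without Suricata.
sample='  AF_PACKET support:                       yes
  libjansson support:                      no'
printf 'sample: %s\n' "$(printf '%s\n' "$sample" | jansson_support)"
check_all
```

A binary that reports `build-info=no` after a rebuild was compiled without the jansson headers being found by `./configure`, so `make` alone will not change it.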