Package: suricata
Version: 3.1.2-2~bpo8+1

Recognized that Suricata won't start with the unix-command socket configuration. The reason is that the /var/run/suricata directory is not created, as the suricata.service file is missing the dependency.

Workaround was to add lines to the suricata.service file:

# grep ExecStartPre /lib/systemd/system/suricata.service
ExecStartPre=-/bin/mkdir /var/run/suricata
ExecStartPre=/bin/chown -R suri:suri /var/run/suricata

The second issue is that the cron job suricata-oinkmaster-updater is not using the socket path as an attribute for suricatasc, and that tool uses /var/run/suricata-command.socket by default. Unfortunately the suri user has no privileges to create a socket in that path.

Workaround was to call suricatasc with the socket argument:

# grep SOCKET /etc/cron.daily/suricata-oinkmaster-updater
COMMAND_SOCKET="/var/run/suricata/suricata-command.socket"
$SURICATASC_BIN -c reload-rules "$COMMAND_SOCKET"

The third issue is that the ExecReload command from the service file does not work (unix-command needs to be enabled and configured, and suricatasc called properly):

# grep ExecReload /lib/systemd/system/suricata.service
ExecReload=/usr/bin/suricatasc -c reload-rules ; /bin/kill -HUP $MAINPID
# /usr/bin/suricatasc -c reload-rules
Unable to connect to socket /var/run//suricata-command.socket: [Errno 2] No such file or directory

Once /var/run/suricata is in place, it would be best to move the PID file to that directory.

--
Peter Viskup