Hello,
I have a similar problem. Zentyal 7.0, suricata 6.0.2, zentyal-ips 7.0.0, used virtual machine and br0 and eth0 interfaces
I installed the zentyal-ips package and it also installed the dependency suricata package. I enabled IDS/IPS and setup it on br0 then it disable all traffic (services) over LAN and suricata.service doesn't run and zentyal-ips module disabled.
When I enabled IDS/IPS and setup it on eth0 then LAN traffic enabled but suricata.service doesn't run and zentyal-ips module "Running".
I removed zentyal-ips and suricata then I install they again.
root@srv04:~# apt-get --purge remove zentyal-ips
root@srv04:~# apt-get --purge remove suricata
root@srv04:~# rm -rf /var/log/suricata
root@srv04:~# rm -rf /etc/suricata
root@srv04:~# rm -rf /etc/default/suricata
root@srv04:~# apt-get install zentyal-ips
I checked suricata status
root@srv04:~# systemctl status suricata.service
● suricata.service - LSB: Next Generation IDS/IPS
Loaded: loaded (/etc/init.d/suricata; generated)
Active: active (running) since Mon 2021-05-17 13:35:41 CEST; 35s ago
Docs: man:systemd-sysv-generator(
Tasks: 14 (limit: 19013)
Memory: 83.1M
CGroup: /system.slice/suricata.service
└─383442 /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --af-packet -D>
máj 17 13:35:41 srv04 systemd[1]: Starting LSB: Next Generation IDS/IPS...
máj 17 13:35:41 srv04 suricata[383422]: Starting suricata in IDS (af-packet) mode... done.
máj 17 13:35:41 srv04 systemd[1]: Started LSB: Next Generation IDS/IPS.
I don't understand why it used suricata.yaml when /etc/default/suricata includes SURCONF=/etc/suricata/suricata-debian.yaml parameter.
I enabled IDS/IPS on Webadmin but not setup it any interface and suricata.service exited and doesn't use SURFCONF parameter
root@srv04:~# systemctl status suricata.service
● suricata.service - LSB: Next Generation IDS/IPS
Loaded: loaded (/etc/init.d/suricata; generated)
Active: active (exited) since Mon 2021-05-17 13:38:27 CEST; 1min 4s ago
Docs: man:systemd-sysv-generator(
Tasks: 0 (limit: 19013)
Memory: 0B
CGroup: /system.slice/suricata.service
máj 17 13:38:27 srv04 systemd[1]: Starting LSB: Next Generation IDS/IPS...
máj 17 13:38:27 srv04 suricata[391965]: Starting suricata in IPS (nfqueue) mode... done.
máj 17 13:38:27 srv04 systemd[1]: Started LSB: Next Generation IDS/IPS.
Can someone help me?
Thanks and Regards