No Divert Listener With Suricata Despite Showing in Logs

William B. Sat, 31 Jan 2026 13:09:43 -0800

I am showing no divert listener for the Suricata package despite following
the package documentation and the listener itself being referenced in the
Suricata log output.  This prevents IPS functionality from working.



OpenBSD 7.8 GENERIC.MP#1 amd64 (with latest patchset applied via syspatch)


pkg_info suricata

Information for inst:suricata-7.0.7p0

Per package docs -d flag is set via:

rcctl set suricata flags -d 700

Suricata shows as running with appropriate flags:

 ps ax | grep suricata

16254 ??  Sp       0:49.10 /usr/local/bin/suricata -D -d 700

Suricata logs reference port 700 listener and show no errors:

[16254 - Suricata-Main] 2026-01-31 13:00:14 Info: counters: Alerts: 0

[28910 - Suricata-Main] 2026-01-31 13:00:15 Notice: suricata: This is
Suricata version 7.0.7 RELEASE running in SYSTEM mode

[28910 - Suricata-Main] 2026-01-31 13:00:15 Info: cpu: CPUs/cores online: 4

[28910 - Suricata-Main] 2026-01-31 13:00:15 Info: exception-policy:
master exception-policy set to: auto

[28910 - Suricata-Main] 2026-01-31 13:00:15 Info: suricata: Use pid
file /var/run/suricata/suricata.pid from config file.

[96635 - Suricata-Main] 2026-01-31 13:00:15 Info: conf: Running in
live mode, activating unix socket

[96635 - Suricata-Main] 2026-01-31 13:00:15 Info: logopenfile: fast
output device (regular) initialized: fast.log

[96635 - Suricata-Main] 2026-01-31 13:00:15 Info: logopenfile: eve-log
output device (regular) initialized: eve.json

[96635 - Suricata-Main] 2026-01-31 13:00:15 Info: logopenfile: stats
output device (regular) initialized: stats.log

[96635 - Suricata-Main] 2026-01-31 13:00:19 Info: detect: 1 rule files
processed. 48074 rules successfully loaded, 0 rules failed, 0

[96635 - Suricata-Main] 2026-01-31 13:00:19 Info: threshold-config:
Threshold config parsed: 0 rule(s) found

[96635 - Suricata-Main] 2026-01-31 13:00:19 Info: detect: 48077
signatures processed. 1266 are IP-only rules, 4456 are inspecting
packet payload, 42138 inspect application layer, 108 are decoder event
only

[96635 - Suricata-Main] 2026-01-31 13:00:26 Info: unix-manager: unix
socket '/var/run/suricata/suricata-command.socket'

[96635 - RX-700] 2026-01-31 13:00:26 Info: ipfw: Thread 'RX-700' will
run on port 700 (item 0)

[96635 - Suricata-Main] 2026-01-31 13:00:26 Notice: threads: Threads
created -> RX: 1 W: 4 TX: 1 FM: 1 FR: 1   Engine started.

There is no such listener:

netstat -an | grep LISTEN

tcp          0      0  192.168.1.1.22         *.*                    LISTEN

tcp          0      0  127.0.0.1.25           *.*                    LISTEN

tcp          0      0  127.0.0.1.53           *.*                    LISTEN

tcp          0      0  192.168.2.1.53         *.*                    LISTEN

tcp          0      0  192.168.1.1.53         *.*                    LISTEN

tcp6         0      0  ::1.25                 *.*                    LISTEN

tcp6         0      0  fe80::1%lo0.25         *.*                    LISTEN

No Divert Listener With Suricata Despite Showing in Logs

Reply via email to