pcap not being created

[richrumble]

python r2a.py -C /etc/suricata/suricata-debian.yaml -f rules/emerging-all.rules -e 1.2.3.4 -m 10.0.0.123 -w test.pcap -v
using Linux Mint
python-yaml, python-scapy are installed. Python 2.7.6 is installed.
Output errors from the above command can be found here: http://justpaste.it/obsk

[pevma]

Does it make the rule/pcap pairs?
I could not see from the output. There are a number of errors - but those could be for a valid reason - keyword not implement for example.

[richrumble]

Nothing is written unfortunately. I'm going to try on a windows host next, I'll let you know how that goes.
And in a security "best practice" I was running as root ;)

[pevma]

You can have a look in the "failed/good" streams folders.

[richrumble]

Readme.txt is all that are in those...
Same for windows... nothing written. There are more errors on windows too, I can make another issue for that if you wanted to support that :(

[richrumble]

If I constrain the rules that will build, I can create pcap's on each win/linux.

[pevma]

Ok.
Can you pinpoint which rule is causing that?
One more question - what do you mean by "each win/linux" ?

[richrumble]

I've got it working on windows and linux (py27), I've not narrowed it down to a specific rule yet, just the 3174 rules that do work. I'll try the inverse soon.