[Oisf-devel] request: error opening file not break Suricata starting

Victor Julien victor at inliniac.net
Thu Dec 6 22:01:49 UTC 2012


On 12/06/2012 09:11 PM, rmkml wrote:
> Hi,
> If I start Suricata with a nonexistent pcap/rule file, Suricata continues
> starting, for example:
> 
> 6/12/2012 -- 20:41:00 - <Info> - This is Suricata version 1.3.5 RELEASE
> 6/12/2012 -- 20:41:00 - <Info> - CPUs/cores online: 1
> 6/12/2012 -- 20:41:01 - <Info> - AutoFP mode using default "Active
> Packets" flow load balancer
> 6/12/2012 -- 20:41:01 - <Info> - preallocated 1024 packets. Total memory
> 3135488
> 6/12/2012 -- 20:41:01 - <Info> - allocated 131072 bytes of memory for
> the host hash... 4096 buckets of size 32
> 6/12/2012 -- 20:41:01 - <Info> - preallocated 1000 hosts of size 72
> 6/12/2012 -- 20:41:01 - <Info> - host memory usage: 203072 bytes,
> maximum: 16777216
> 6/12/2012 -- 20:41:01 - <Info> - allocated 2097152 bytes of memory for
> the flow hash... 65536 buckets of size 32
> 6/12/2012 -- 20:41:01 - <Info> - preallocated 10000 flows of size 176
> 6/12/2012 -- 20:41:01 - <Info> - flow memory usage: 3857152 bytes,
> maximum: 33554432
> 6/12/2012 -- 20:41:01 - <Info> - using magic-file /usr/share/file/magic
> 6/12/2012 -- 20:41:11 - <Error> - [ERRCODE:
> SC_ERR_OPENING_RULE_FILE(41)] - opening rule file abc.rules: No such
> file or directory.
> 6/12/2012 -- 20:41:11 - <Info> - 81 rule files processed. 8202 rules
> succesfully loaded, 10 rules failed
> 6/12/2012 -- 20:41:28 - <Info> - 8241 signatures processed. 15 are
> IP-only rules, 5821 are inspecting packet payload, 2396 inspect
> application layer, 72 are decoder event only
> 6/12/2012 -- 20:41:28 - <Info> - building signature grouping structure,
> stage 1: adding signatures to signature source addresses... complete
> 6/12/2012 -- 20:41:29 - <Info> - building signature grouping structure,
> stage 2: building source address list... complete
> 6/12/2012 -- 20:42:19 - <Info> - building signature grouping structure,
> stage 3: building destination address lists... complete
> ...
> 
> Is it possible to break Suricata starting if the file does not exist, please?

Add --init-errors-fatal to your command line.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
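
An added example, not part of the original message and not Suricata's own code: a shell check that scans a startup log for the two signs, both visible in the quoted output, that Suricata kept starting with an incomplete ruleset. Those signs are an `<Error>` line carrying an ERRCODE and a non-zero "rules failed" count. The function names and the sample lines (modelled on the quoted log, unwrapped) are constructed for illustration.

```shell
#!/bin/sh
# Reads a Suricata startup log on stdin, in the layout quoted in this thread.
# Prints one line per finding; exit status 1 if anything was found, else 0.
check_suricata_init() {
    awk '
    # <Error> lines look like: ... - <Error> - [ERRCODE: NAME(num)] - message
    /- <Error> - \[ERRCODE: / {
        code = $0
        sub(/.*\[ERRCODE: /, "", code)   # drop everything before the name
        sub(/\(.*/, "", code)            # drop "(num)] - message"
        msg = $0
        sub(/.*\)\] - /, "", msg)        # keep only the message text
        printf "init-error %s: %s\n", code, msg
        bad = 1
    }
    # Summary line ends with: "..., N rules failed"
    / rules failed/ {
        n = $0
        sub(/ rules failed.*/, "", n)    # cut after the count
        sub(/.*[^0-9]/, "", n)           # cut before the count
        if (n + 0 > 0) { printf "rules-failed %d\n", n; bad = 1 }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample input (not a real capture).
sample_log() {
    cat <<'EOF'
6/12/2012 -- 20:41:01 - <Info> - using magic-file /usr/share/file/magic
6/12/2012 -- 20:41:11 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file abc.rules: No such file or directory.
6/12/2012 -- 20:41:11 - <Info> - 81 rule files processed. 8202 rules succesfully loaded, 10 rules failed
EOF
}

if ! sample_log | check_suricata_init; then
    echo "startup log shows init errors: ruleset is incomplete" >&2
fi
```

This is useful for sensors that were started without --init-errors-fatal, where a missing rule file only shows up as a log line while the engine keeps running with reduced coverage.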



