[Oisf-devel] Suricata dies (core dump) w/ multiple NICs

Peter Manev petermanev at gmail.com
Thu May 21 09:10:23 UTC 2015 

On Thu, May 21, 2015 at 1:02 AM, Eduardo Meyer <dudu.meyer at gmail.com> wrote:
> Hello,
>
> I am running Suricata 2.0.8 RELEASE with 3 interfaces, and from times to
> times suricata simply dies. This is the process arguments in use:
>
> root         45492   1.0  1.5 1299164 251564  -  Is    4:20PM    84:38.13
> /usr/local/bin/suricata -D -i bridge1 -i bridge2 -i bridge0 --pidfile
> /var/run/suricata_bridge0.pid -c /usr/local/etc/suricata/suricata.yaml
>
> I could not find a pattern when Suricata dies. Sometimes it's a high
> pps/memory/bandwidth usage profile, sometimes it's a low demand hour with
> just a couple pps passing the suricata system.
>
> It never dies with a single interface. It dies for bridged ports, trunked
> ports as well as for physical untagged ports, so it does not seem to be
> related to virtual or real NICs it's listening at, although I noticed it
> dies more frequently on bridged interfaces like the above scenario.
>
> Is there anything I should look at with special attention on suricata.yaml?
>
> I have a suricata.core everytime it dies. How can I produce useful
> information from it?

If you have a core dump and can reproduce the issue consistently - you
can have a look at this guide here -
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs
how to extract useful info. Then you can open a bug report should you consider.

Thank you

>
> Thank you.
>
>
> --
> ===========
> Eduardo Meyer
> pessoal: dudu.meyer at gmail.com
> profissional: ddm.farmaciap at saude.gov.br
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate:
> http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
> Developer Training in Copenhagen Sept 14-18:
> http://suricata-ids.org/training/



-- 
Regards,
Peter Manev

More information about the Oisf-devel mailing list