Hi all, I use Suricata engine version 1.2.1<br clear="all">It worked fine for a month, but at one point it started crashing. Now it can work 1-2 days and crash, but it can also crash after 5-10 minutes of working.<br><br>Here is my Suricata output:<br>
<br>7/6/2012 -- 14:44:57 - <Info> - This is Suricata version 1.2.1 RELEASE<br>7/6/2012 -- 14:44:57 - <Info> - CPUs/cores online: 4<br>7/6/2012 -- 14:44:57 - <Info> - Found an MTU of 1500 for 'eth1'<br>
7/6/2012 -- 14:44:57 - <Info> - Using PCRE match-limit setting of: 3500<br>7/6/2012 -- 14:44:57 - <Info> - preallocated 50 packets. Total memory 156000<br>7/6/2012 -- 14:44:57 - <Info> - allocated 524288 bytes of memory for the flow hash... 65536 buckets of size 8<br>
7/6/2012 -- 14:44:57 - <Info> - preallocated 10000 flows of size 168<br>7/6/2012 -- 14:44:57 - <Info> - flow memory usage: 2204288 bytes, maximum: 33554432<br>7/6/2012 -- 14:45:03 - <Info> - 1 rule files processed. 11833 rules succesfully loaded, 0 rules failed<br>
7/6/2012 -- 14:45:15 - <Info> - 11841 signatures processed. 724 are IP-only rules, 3627 are inspecting packet payload, 8959 inspect application layer, 0 are decoder event only<br>7/6/2012 -- 14:45:15 - <Info> - building signature grouping structure, stage 1: adding signatures to signature source addresses... complete<br>
7/6/2012 -- 14:45:15 - <Info> - building signature grouping structure, stage 2: building source address list... complete<br>7/6/2012 -- 14:45:17 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete<br>
7/6/2012 -- 14:45:19 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "threshold.config": No such file or directory<br>7/6/2012 -- 14:45:19 - <Info> - Core dump size set to unlimited.<br>
7/6/2012 -- 14:45:19 - <Info> - Unified2-alert initialized: filename suricata.u2, limit 32 MB<br>7/6/2012 -- 14:45:19 - <Info> - Using 1 live device(s).<br>7/6/2012 -- 14:45:19 - <Info> - Unable to find pcap config for interface eth1, using default value<br>
7/6/2012 -- 14:45:19 - <Info> - using interface eth1<br>7/6/2012 -- 14:45:19 - <Info> - Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.<br>7/6/2012 -- 14:45:19 - <Info> - RunModeIdsPcapAuto initialised<br>
7/6/2012 -- 14:45:19 - <Info> - stream "max_sessions": 262144<br>7/6/2012 -- 14:45:19 - <Info> - stream "prealloc_sessions": 32768<br>7/6/2012 -- 14:45:19 - <Info> - stream "memcap": 33554432<br>
7/6/2012 -- 14:45:19 - <Info> - stream "midstream" session pickups: disabled<br>7/6/2012 -- 14:45:19 - <Info> - stream "async_oneside": disabled<br>7/6/2012 -- 14:45:19 - <Info> - stream "checksum_validation": enabled<br>
7/6/2012 -- 14:45:19 - <Info> - stream."inline": disabled<br>7/6/2012 -- 14:45:19 - <Info> - stream.reassembly "memcap": 67108864<br>7/6/2012 -- 14:45:19 - <Info> - stream.reassembly "depth": 1048576<br>
7/6/2012 -- 14:45:19 - <Info> - stream.reassembly "toserver_chunk_size": 2560<br>7/6/2012 -- 14:45:19 - <Info> - stream.reassembly "toclient_chunk_size": 2560<br>7/6/2012 -- 14:45:19 - <Info> - all 10 packet processing threads, 1 management threads initialized, engine started.<br>
7/6/2012 -- 14:45:22 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used<br>Segmentation fault (core dumped) <br><br>I get a segmentation fault error after 5 minutes of working.<br><br>
<div>
I see an error opening "threshold.config", but I don't use it in my suricata.yaml config file.</div><div><br></div>