np, glad if you make it work :)<br><br><div class="gmail_quote">On Sat, Sep 8, 2012 at 4:41 PM, Stefan Sabolowitsch <span dir="ltr"><<a href="mailto:Stefan.Sabolowitsch@felten-group.com" target="_blank">Stefan.Sabolowitsch@felten-group.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div style="direction:ltr;font-size:10pt;font-family:Tahoma">Hi Peter, Eric,<div class="im"><br>
<br>
>>I remember Martin Holste saying something about pgrep...that "pgrep suricata"<br>
>>would not grep Suricata 1.4xxx, one would have to do "pgrep Suricata" - could that be some sort of an issue?<br>
<br></div>
Ahhhh, i will test<br>
# check if PID already running<br>
if [ -z "${PID}" ] || [ $(ps -ef | grep $APP | grep $PID | grep -v grep | wc -l) -eq 0 ]<br>
then<br>
<br>
big thanks for your hints and tips :)<br>
<br>
Stefan<br>
<br>
<div style="font-size:16px;font-family:Times New Roman">
<hr>
<div style="direction:ltr"><font color="#000000" face="Tahoma"><b>Von:</b> Peter Manev [<a href="mailto:petermanev@gmail.com" target="_blank">petermanev@gmail.com</a>]<br>
<b>Gesendet:</b> Samstag, 8. September 2012 16:35<br>
<b>Bis:</b> Stefan Sabolowitsch<br>
<b>Cc:</b> Eric Leblond; <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><div><div class="h5"><br>
<b>Betreff:</b> Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1 an latest v1.4beta<br>
</div></div></font><br>
</div><div><div class="h5">
<div></div>
<div>Hi Stefan,<br>
<br>
could it be a nsm-sensor issue?<br>
I havn't had that problem with just restarting Suricata, what does "nsm-sensor --restart" do , the code/shell script itself?<br>
<br>
I remember Martin Holste saying something about pgrep...that "pgrep suricata" would not grep Suricata 1.4xxx, one would have to do "pgrep Suricata" - could that be some sort of an issue?<br>
<br>
thank you<br>
<br>
<br>
<div class="gmail_quote">On Sat, Sep 8, 2012 at 4:30 PM, Stefan Sabolowitsch <span dir="ltr">
<<a href="mailto:Stefan.Sabolowitsch@felten-group.com" target="_blank">Stefan.Sabolowitsch@felten-group.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div style="direction:ltr;font-size:10pt;font-family:Tahoma">Hi Peter, Eric<br>
i use NSMNow from SecurixLive with sguil.<br>
<br>
<a href="http://www.securixlive.com/nsmnow/index.php" target="_blank">http://www.securixlive.com/nsmnow/index.php</a><br>
<br>
When i take "nsm-sensor --restart" (example update rules set), then i get this problem with 1.4beta (not with v1.3.1).<br>
<br>
Best regards<br>
Stefan<br>
<div style="font-size:16px;font-family:Times New Roman">
<hr>
<div style="direction:ltr"><font color="#000000" face="Tahoma"><b>Von:</b> Peter Manev [<a href="mailto:petermanev@gmail.com" target="_blank">petermanev@gmail.com</a>]<br>
<b>Gesendet:</b> Samstag, 8. September 2012 16:22<br>
<b>Bis:</b> Eric Leblond<br>
<b>Cc:</b> Stefan Sabolowitsch; <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">
oisf-users@openinfosecfoundation.org</a>
<div>
<div><br>
<b>Betreff:</b> Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1 an latest v1.4beta<br>
</div>
</div>
</font><br>
</div>
<div>
<div>
<div></div>
<div>Hi Stefan,<br>
<br>
I have not experienced the same problem.<br>
You mean - you stop Suricata - "Ctrl-C" or you kill the process ?<br>
<br>
thanks<br>
<br>
<div class="gmail_quote">On Sat, Sep 8, 2012 at 3:17 PM, Eric Leblond <span dir="ltr">
<<a href="mailto:eric@regit.org" target="_blank">eric@regit.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
Le samedi 08 septembre 2012 à 12:50 +0000, Stefan Sabolowitsch a écrit :<br>
<div>> Peter maybe, i have found the error.<br>
><br>
> There is a bug in 1.4beta<br>
><br>
> If suricata will stopped or restarted, the old processes always active<br>
> and new processes will generated therefore this errormessage.<br>
<br>
</div>
How long are you waiting for suricata to get dead ? The time it takes to<br>
get down may have increase between 1.3.1 and 1.4beta1.<br>
<br>
Could you wait a bit to see if it is leaving ?<br>
<br>
BR,<br>
<div>
<div><br>
><br>
> On v1.3.1 ist see this error not.<br>
><br>
><br>
><br>
> Best regards<br>
><br>
> Stefan<br>
><br>
><br>
><br>
><br>
><br>
> Von: Peter Manev [mailto:<a href="mailto:petermanev@gmail.com" target="_blank">petermanev@gmail.com</a>]<br>
> Gesendet: Samstag, 8. September 2012 09:11<br>
> An: Stefan Sabolowitsch<br>
> Cc: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
> Betreff: Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1<br>
> an latest v1.4beta<br>
><br>
><br>
><br>
> Hi,<br>
><br>
> I don't understand - you are getting:<br>
> "thread - "RxPcapbr01". Killing engine."<br>
><br>
> but everything is ok?<br>
><br>
> thanks<br>
><br>
> On Fri, Sep 7, 2012 at 5:54 PM, Stefan Sabolowitsch<br>
> <<a href="mailto:Stefan.Sabolowitsch@felten-group.com" target="_blank">Stefan.Sabolowitsch@felten-group.com</a>> wrote:<br>
><br>
> Hi all,<br>
> i get this error code on on v1.3.1 an latest v1.4beta.<br>
><br>
> 7/9/2012 -- 15:35:27 - (tm-threads.c:1687) <Error><br>
> (TmThreadDisableThreadsWithTMS) -- [ERRCODE: SC_ERR_FATAL(177)] -<br>
> Engine unable to disable detect<br>
> thread - "RxPcapbr01". Killing engine.<br>
><br>
> But it seems everything is OK ??<br>
> Any idea ?<br>
><br>
> Thanks<br>
> Stefan<br>
> _______________________________________________<br>
> Oisf-users mailing list<br>
> <a href="mailto:Oisf-users@openinfosecfoundation.org" target="_blank">Oisf-users@openinfosecfoundation.org</a><br>
> <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">
https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
><br>
><br>
><br>
><br>
><br>
> --<br>
><br>
> Regards,<br>
><br>
><br>
> Peter Manev<br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Oisf-users mailing list<br>
> <a href="mailto:Oisf-users@openinfosecfoundation.org" target="_blank">Oisf-users@openinfosecfoundation.org</a><br>
> <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">
https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br>
--<br>
</div>
</div>
<span><font color="#888888">Eric Leblond<br>
Blog: <a href="http://home.regit.org/" target="_blank">http://home.regit.org/</a> - Portfolio:
<a href="http://regit.500px.com/" target="_blank">http://regit.500px.com/</a><br>
</font></span></blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div>Regards,</div>
<div>Peter Manev</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div>Regards,</div>
<div>Peter Manev</div>
<br>
</div>
</div></div></div>
</div>
</div>
</blockquote></div><br><br clear="all"><br>-- <br><div>Regards,</div>
<div>Peter Manev</div><br>