<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 12, 2013 at 7:51 AM, C. L. Martinez <span dir="ltr"><<a href="mailto:carlopmart@gmail.com" target="_blank">carlopmart@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Mon, Jun 10, 2013 at 7:53 AM, C. L. Martinez <<a href="mailto:carlopmart@gmail.com">carlopmart@gmail.com</a>> wrote:<br>
> On Mon, Jun 10, 2013 at 7:47 AM, Victor Julien <<a href="mailto:lists@inliniac.net">lists@inliniac.net</a>> wrote:<br>
>> On 06/10/2013 09:38 AM, C. L. Martinez wrote:<br>
>>> On Mon, Jun 10, 2013 at 7:38 AM, Peter Manev <<a href="mailto:petermanev@gmail.com">petermanev@gmail.com</a>> wrote:<br>
>>>> On Mon, Jun 10, 2013 at 9:36 AM, C. L. Martinez <<a href="mailto:carlopmart@gmail.com">carlopmart@gmail.com</a>> wrote:<br>
>>>>> Hi all,<br>
>>>>><br>
>>>>> I have installed Suricata 1.4.2 in an OpenBSD 5.3 amd64 host. From<br>
>>>>> time to time, suricata goes down and I suspect that the problem may be<br>
>>>>> with memcap options but I am not sure.<br>
>>>>><br>
>>>>> It doesn't produce any core dump, only goes down ... How can I debug this??<br>
>>>>> _______________________________________________<br>
>>>>> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
>>>>> Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
>>>>> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
>>>>> OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
>>>><br>
>>>><br>
>>>> Hi,<br>
>>>><br>
>>>> What do you mean "goes down" - stops/exits?<br>
>>>><br>
>>>> thanks<br>
>>>><br>
>>>><br>
>>>> --<br>
>>>> Regards,<br>
>>>> Peter Manev<br>
>>><br>
>>> stops ... and no log error is produced ...<br>
>><br>
>> The first thing I'd check is if there is anything logged in the system<br>
>> logs. In Linux a crashing program is often logged in dmesg for example,<br>
>> maybe openbsd does something similar?<br>
>><br>
>> Also, try not daemonizing suricata, but run it in the foreground. Then<br>
>> you'll see if suri prints some error.<br>
>><br></div></div>
maximum: 16777216<br>
12/6/2013 -- 05:48:29 - &lt;Info&gt; - cleaning up signature grouping<br>
structure... complete<br>
<br>
suricata process doesn't stop ... It seems the problem only appears<br>
when I run suricata in daemonized mode ...<br></blockquote><div><br></div><div>1. I see a "live rule swap" - could you try running it without the live swaps?<br></div><div>2. What does suricata.log say when you run it in daemon mode and it stops?<br>
</div><div> <br></div><div>thanks<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Is this possible??<br>
<div class="HOEnZb"><div class="h5">
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div>Regards,</div>
<div>Peter Manev</div>
</div></div>