<div dir="ltr">I tried changing this now, and creating the directory /var/log/suricata/core. But still no dump. Running with sudo i get just "Segmentation fault", without sudo i get "Segmentation fault (core dumped)", but no core dump.</div><div class="gmail_extra"><br><div class="gmail_quote">2016-01-05 14:56 GMT+01:00 Peter Manev <span dir="ltr"><<a href="mailto:petermanev@gmail.com" target="_blank">petermanev@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Tue, 2016-01-05 at 14:52 +0100, Andreas Moe wrote:<br>
> I tried this: suricata -c /etc/suricata/suricata.yaml -i eth0 --set<br>
> logging.outputs.file.enabled=yes --set<br>
> logging.outputs.filename=/tmp/suricata.log --set<br>
> logging.outputs.format=json<br>
> And i got a "Segmentation fault (core dumped)".<br>
><br>
><br>
> System:<br>
> - Linux localhost.localdomain 4.2.6-301.fc23.x86_64 #1 SMP Fri Nov 20<br>
> 22:22:41 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux<br>
> - Fedora release 23 (Twenty Three)<br>
> - Suricata 3.0dev (rev 44a444b)<br>
><br>
><br>
> Btw any tips on finding the core dump file? The docs<br>
> (<a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs" rel="noreferrer" target="_blank">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs</a>) say it should be in "the current working directory of Suricata". I checked my current working dir when i ran the command, /var/log/suricata, /etc/suricata, and so on, but did not find it.<br>
<br>
</span>In suricata.yaml - the default daemon section should look like this (if<br>
you have not changed it).<br>
<br>
# Daemon working directory<br>
# Suricata will change directory to this one if provided<br>
# Default: "/"<br>
<br>
If you keep the defaults it should drop the core there - "/".<br>
<br>
On some installations of mine i have set it up asĀ -<br>
daemon-directory: "/var/log/suricata/core" - and if there is a core i<br>
gets dropped there.<br>
<br>
<br>
><br>
><br>
> /AndreasM<br>
> _______________________________________________<br>
> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
> Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/support/</a><br>
> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
> Suricata User Conference November 4 & 5 in Barcelona: <a href="http://oisfevents.net" rel="noreferrer" target="_blank">http://oisfevents.net</a><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Regards,<br>
Peter Manev<br>
<br>
</font></span></blockquote></div><br></div>