<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p style="margin-top:0;margin-bottom:0">I am running in IDS mode. OS version still 14.04.</p>
<p style="margin-top:0;margin-bottom:0">It started yesterday (2 Aug) after running "soup".</p>
<p style="margin-top:0;margin-bottom:0">This is the update log starting from yesterday:</p>
<p style="margin-top:0;margin-bottom:0"></p>
<div>/var/log# cat dpkg.log</div>
<div>2018-08-02 00:01:31 startup archives unpack</div>
<div>2018-08-02 00:01:34 upgrade libjansson4:amd64 2.5-2 2.5-2ubuntu0.1</div>
<div>2018-08-02 00:01:34 status half-configured libjansson4:amd64 2.5-2</div>
<div>2018-08-02 00:01:34 status unpacked libjansson4:amd64 2.5-2</div>
<div>2018-08-02 00:01:34 status half-installed libjansson4:amd64 2.5-2</div>
<div>2018-08-02 00:01:34 status half-installed libjansson4:amd64 2.5-2</div>
<div>2018-08-02 00:01:34 status unpacked libjansson4:amd64 2.5-2ubuntu0.1</div>
<div>2018-08-02 00:01:34 status unpacked libjansson4:amd64 2.5-2ubuntu0.1</div>
<div>2018-08-02 00:01:35 startup packages configure</div>
<div>2018-08-02 00:01:35 configure libjansson4:amd64 2.5-2ubuntu0.1 <none></div>
<div>2018-08-02 00:01:35 status unpacked libjansson4:amd64 2.5-2ubuntu0.1</div>
<div>2018-08-02 00:01:35 status half-configured libjansson4:amd64 2.5-2ubuntu0.1</div>
<div>2018-08-02 00:01:35 status installed libjansson4:amd64 2.5-2ubuntu0.1</div>
<div>2018-08-02 00:01:35 status triggers-pending libc-bin:amd64 2.19-0ubuntu6.14</div>
<div>2018-08-02 00:01:35 trigproc libc-bin:amd64 2.19-0ubuntu6.14 <none></div>
<div>2018-08-02 00:01:35 status half-configured libc-bin:amd64 2.19-0ubuntu6.14</div>
<div>2018-08-02 00:01:35 status installed libc-bin:amd64 2.19-0ubuntu6.14</div>
<div>2018-08-03 00:09:48 startup archives unpack</div>
<div>2018-08-03 00:09:51 upgrade libjansson4:amd64 2.5-2ubuntu0.1 2.5-2ubuntu0.2</div>
<div>2018-08-03 00:09:51 status half-configured libjansson4:amd64 2.5-2ubuntu0.1</div>
<div>2018-08-03 00:09:51 status unpacked libjansson4:amd64 2.5-2ubuntu0.1</div>
<div>2018-08-03 00:09:51 status half-installed libjansson4:amd64 2.5-2ubuntu0.1</div>
<div>2018-08-03 00:09:51 status half-installed libjansson4:amd64 2.5-2ubuntu0.1</div>
<div>2018-08-03 00:09:51 status unpacked libjansson4:amd64 2.5-2ubuntu0.2</div>
<div>2018-08-03 00:09:51 status unpacked libjansson4:amd64 2.5-2ubuntu0.2</div>
<div>2018-08-03 00:09:51 startup packages configure</div>
<div>2018-08-03 00:09:51 configure libjansson4:amd64 2.5-2ubuntu0.2 <none></div>
<div>2018-08-03 00:09:51 status unpacked libjansson4:amd64 2.5-2ubuntu0.2</div>
<div>2018-08-03 00:09:51 status half-configured libjansson4:amd64 2.5-2ubuntu0.2</div>
<div>2018-08-03 00:09:51 status installed libjansson4:amd64 2.5-2ubuntu0.2</div>
<div>2018-08-03 00:09:51 status triggers-pending libc-bin:amd64 2.19-0ubuntu6.14</div>
<div>2018-08-03 00:09:52 trigproc libc-bin:amd64 2.19-0ubuntu6.14 <none></div>
<div>2018-08-03 00:09:52 status half-configured libc-bin:amd64 2.19-0ubuntu6.14</div>
<div>2018-08-03 00:09:52 status installed libc-bin:amd64 2.19-0ubuntu6.14</div>
<br>
<p></p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Peter Manev <petermanev@gmail.com><br>
<b>Sent:</b> Friday, August 3, 2018 11:04 AM<br>
<b>To:</b> Serge Malev<br>
<b>Cc:</b> Peter Fyon; oisf-users@lists.openinfosecfoundation.org<br>
<b>Subject:</b> Re: [Oisf-users] Crash in 4.0.5 when receiving packets</font>
<div> </div>
</div>
<meta content="text/html; charset=utf-8">
<div dir="auto"><br>
<div><br>
On 3 Aug 2018, at 01:26, Serge Malev <<a href="mailto:smalev@hotmail.com">smalev@hotmail.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Helvetica,sans-serif">
<p style="margin-top:0; margin-bottom:0">I am having the same problem. Suricata tries to restart every 5 minutes and crashes with the same error.</p>
<p style="margin-top:0; margin-bottom:0"><br>
</p>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>Hi,</div>
<div><br>
</div>
<div>Are you using IDS or IPS mode?</div>
<div><br>
</div>
<div>Thank you</div>
<br>
<blockquote type="cite">
<div>
<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Helvetica,sans-serif">
<p style="margin-top:0; margin-bottom:0"></p>
<p style="margin-top:0; margin-bottom:0"><br>
</p>
<br>
<br>
<div style="color:rgb(0,0,0)">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Oisf-users <<a href="mailto:oisf-users-bounces@lists.openinfosecfoundation.org">oisf-users-bounces@lists.openinfosecfoundation.org</a>>
 on behalf of Peter Fyon <<a href="mailto:peter.fyon@gmail.com">peter.fyon@gmail.com</a>><br>
<b>Sent:</b> Friday, August 3, 2018 8:56 AM<br>
<b>To:</b> <a href="mailto:oisf-users@lists.openinfosecfoundation.org">oisf-users@lists.openinfosecfoundation.org</a><br>
<b>Subject:</b> [Oisf-users] Crash in 4.0.5 when receiving packets</font>
<div> </div>
</div>
<meta content="text/html; charset=utf-8">
<div>
<div dir="ltr">
<div>Hey suricata users,</div>
<div><br>
</div>
<div>I upgraded suricata from 4.0.4 to 4.0.5 using the ppa last night and now suricata crashes when it (presumably) receives its first packet. I say presumably because if I physically bypass suricata, it doesn't crash. When I put it back inline, it crashes.<br>
</div>
<div><br>
</div>
<div>When I start it with:</div>
<div>/usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --af-packet -vvv</div>
<div><br>
</div>
<div>It dies and spits the following to stdout:<br>
</div>
<div>suricata: dump.c:337: do_dump: Assertion `value' failed.</div>
<div><br>
</div>
<div>Nothing has changed in my config between 4.0.4 and 4.0.5.</div>
<div><br>
</div>
<div>Peter<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">
oisf-users@openinfosecfoundation.org</a></span><br>
<span>Site: <a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuricata-ids.org&data=02%7C01%7C%7C65bc788eeb2e421bbc9c08d5f8dd1cee%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688550914534974&sdata=S%2BAsVIkTEkZJhFvPYFjN42M5BvPwrJYz8%2FuNFLq0cec%3D&reserved=0" originalsrc="http://suricata-ids.org" shash="wfwLe8EIaiXQMsew3ugOaSFj0p5eSMfNeU6Ym8S+1I4PT/FKHKiLao55E91W1qraXl7pQT8eYr8X8VkyxCxduuOHXCSoFuNe+FqtBUSZ4LYLaim+oHKZnklwkre3CzTjSUibw5YCh4RLoOo+KI1M/yYf02Qo0w8/8J7dPOASln8=">
http://suricata-ids.org</a> | Support: <a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuricata-ids.org%2Fsupport%2F&data=02%7C01%7C%7C65bc788eeb2e421bbc9c08d5f8dd1cee%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688550914534974&sdata=ZT8eK%2FuYJuySFdArAbyu08L3WS68Ok9RjGuVru8FcQ8%3D&reserved=0" originalsrc="http://suricata-ids.org/support/" shash="OBhpU51eaOBjpUUgu6BC687A/jZOZ5y0MtYC/mWsqOlLxx1RKMlNFJrilkoJTq3Rqrl72MKICU8OzNja5Gfg9VLCQGovWJjKwmQXDHy9xhfPAhPrAnykOIJQJy1iJks1RLUgiNtRIbSiknSpl+7thG/DLMKiq9vP8JtR+V0I8VA=">
http://suricata-ids.org/support/</a></span><br>
<span>List: <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.openinfosecfoundation.org%2Fmailman%2Flistinfo%2Foisf-users&data=02%7C01%7C%7C65bc788eeb2e421bbc9c08d5f8dd1cee%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688550914534974&sdata=lgCKe6eA%2BllAYg2pXO%2BArHGq7p%2Bqc%2BOUehdf7sxQZro%3D&reserved=0" originalsrc="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" shash="okLHz6axCkECHk9W6IpFWWUIyMF5jd6ABiqkFFc6PmRdmqllbT4KGToaJM5vVEr2wZVq4KHAGW0DSm0PaD4XFYGm89aubaUF/WMPiQwblWXHRFiT9vfPCQqyE9scTdwkLE6MvhIZWzddAme1iZeNeBIrfaEPi7tDFoEu3yN4xCQ=">
https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a></span><br>
<span></span><br>
<span>Conference: <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsuricon.net&data=02%7C01%7C%7C65bc788eeb2e421bbc9c08d5f8dd1cee%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688550914534974&sdata=42VoC3mZxrI%2FXeV2lDJzn7%2BEILAYuZQDQOkM9pGFjTI%3D&reserved=0" originalsrc="https://suricon.net" shash="ZlrMbjcZR7NfoCwHynqpXW6PvvEFEGMkFCRL4X3BOyDBfu7lUViSgzOPXhzJQqMQtZn56L/ei2+PYIl4TnCjH/FsydVvXAPzbOAlGRPOLMDFdEyVsyZtuoRQV/WimeEDuVnStk3zFjFWG5QAX0OkFGIklOsj/kWdNIMgzpVQjtY=">
https://suricon.net</a></span><br>
<span>Trainings: <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsuricata-ids.org%2Ftraining%2F&data=02%7C01%7C%7C65bc788eeb2e421bbc9c08d5f8dd1cee%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688550914534974&sdata=zYsG50xuh5iucPOH%2FsB5RG8KiXOzEQU%2BMjjymDJXe%2FQ%3D&reserved=0" originalsrc="https://suricata-ids.org/training/" shash="u3Mrpdl5OQYhQ9HS+AZvrXgtMs2yFIiAtGclKUQbPUn/bD01o1aeCpIl18BjnEID2Jo5mNbSHYrd1klCNC5b4WiPMweno+vrcm/+UWer+cpE0HqJNUpJUkz5Ie0KbY0CSqvN+75My4PcgWPDm/aAayvDjpUx9WGO4oRmKWdFcmQ=">
https://suricata-ids.org/training/</a></span></div>
</blockquote>
</div>
</div>
</div>
</body>
</html>