<html><head><style type=text/css><!--
.email-body p.mcntMsoNormal, .email-body li.mcntMsoNormal, .email-body div.mcntMsoNormal { margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; }
.email-body a:link, .email-body span.mcntMsoHyperlink { color: blue; text-decoration: underline; }
.email-body a:visited, .email-body span.mcntMsoHyperlinkFollowed { color: purple; text-decoration: underline; }
.email-body p.mcntmsonormal0, .email-body li.mcntmsonormal0, .email-body div.mcntmsonormal0 { margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; }
.email-body span.mcntEmailStyle19 { font-family: Calibri, sans-serif; color: windowtext; }
.email-body .mcntMsoChpDefault { font-family: Calibri, sans-serif; }
@page .email-body WordSection1 { size: 8.5in 11in; margin: 1in; }
.email-body div.mcntWordSection1 { page: WordSection1; }
.email-body .mcntstyle1 { font-family: "Times New Roman"; }
.email-body a {color: blue}
.email-body a:visible {color: purple}
--></style></head><body>Is there any estimate when this issue will have a patch or fix or new revision?<div><br></div><div>Thanks.</div><div><br></div><div>Leonard<br><br><div><strong>
From:</strong> Leonard Jacobs &lt;leonard.jacobs@view.com&gt;<br>
<strong>To:</strong> Michał Purzyński &lt;michalpurzynski1@gmail.com&gt;<br>
<strong>Cc:</strong> "oisf-users@lists.openinfosecfoundation.org" &lt;oisf-users@lists.openinfosecfoundation.org&gt;<br>
<strong>Sent:</strong> 11/19/2019 7:47 AM<br>
<strong>Subject:</strong> Re: [Oisf-users] Suricata 5.0.0 randomly stops running
<br><br><blockquote class="mcnt mori" style="margin:0 0 0 .8ex;border-left:1px solid #CCC;padding-left:1ex;"><div class="email-body">
<div class="mcntWordSection1">
<p class="mcntMsoNormal">Seems like it makes sense to disable SMB detection until this issue is fixed.</p>
<p class="mcntMsoNormal"> </p>
<p class="mcntMsoNormal"><b>From:</b> Michał Purzyński &lt;michalpurzynski1@gmail.com&gt;<br>
<b>Sent:</b> Monday, November 18, 2019 6:14 PM<br>
<b>To:</b> Leonard Jacobs &lt;leonard.jacobs@view.com&gt;<br>
<b>Cc:</b> oisf-users@lists.openinfosecfoundation.org<br>
<b>Subject:</b> Re: [Oisf-users] Suricata 5.0.0 randomly stops running</p>
<p class="mcntMsoNormal"> </p>
<div>
<div>
<p class="mcntMsoNormal">Does "stops running" mean it crashes? If so, can you get the core file?</p>
</div>
<div>
<p class="mcntMsoNormal">Might not be related, but do you have SMB traffic in your network? I just stumbled upon this bug (it might be something else for you of course)
<a href="https://redmine.openinfosecfoundation.org/issues/3342?issue_count=191&issue_position=1&next_issue_id=3341" target="_blank">
https://redmine.openinfosecfoundation.org/issues/3342?issue_count=191&issue_position=1&next_issue_id=3341</a></p>
</div>
<div>
<p class="mcntMsoNormal"> </p>
</div>
</div>
<p class="mcntMsoNormal"> </p>
<div>
<div>
<p class="mcntMsoNormal">On Mon, Nov 18, 2019 at 5:48 AM Leonard Jacobs &lt;<a href="mailto:leonard.jacobs@view.com" title="Send email to leonard.jacobs@view.com" class="mailto" target="_blank">leonard.jacobs@view.com</a>&gt; wrote:</p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="mcntMsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Ever since we went to Suricata 5.0.0, our installation randomly stops and we have to restart Suricata. At first, we thought the script that starts Suricata was failing but we manually
start it at a command line and experience the same issue.</p>
<p class="mcntMsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> </p>
<p class="mcntMsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Running Suricata on Ubuntu 18.04 with 350 GB SSD, Xeon processor, and 8 GB of RAM. Suricata is configured to just listen to network traffic on one gig ethernet port.</p>
<p class="mcntMsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> </p>
<p class="mcntMsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">How can I find out what is causing this problem?</p>
<p class="mcntMsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> </p>
<p class="mcntMsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thanks.</p>
<p class="mcntMsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> </p>
<p class="mcntMsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><b><span style="font-family:'Century Gothic',sans-serif;color:#33637C">Leonard</span></b></p>
</div>
<p class="mcntMsoNormal" style="margin-bottom:12.0pt"> </p>
<p><span style="font-size:8.0pt;font-family:'Verdana',sans-serif;color:#666666">This message and any attachments may contain confidential information of View, Inc. If you are not the intended recipient you are hereby notified that any dissemination, copying
or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and delete the message from your computer.</span></p>
</div>
<p class="mcntMsoNormal">_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank" title="Send email to oisf-users@openinfosecfoundation.org" class="mailto">
oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support:
<a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">
https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br>
Conference: <a href="https://suricon.net" target="_blank">https://suricon.net</a><br>
Trainings: <a href="https://suricata-ids.org/training/" target="_blank">https://suricata-ids.org/training/</a></p>
</blockquote>
</div>
</div>
</div></blockquote></div></div></body></html>