[Oisf-users] Suricata restart hard lock?
John Daly
longjohngolf at gmail.com
Tue May 31 22:33:01 UTC 2016
On Tue, May 31, 2016 at 3:25 PM Andreas Herz <andi at geekosphere.org> wrote:
> On 31/05/16 at 22:19, John Daly wrote:
> > Hi all,
> >
> > I'm experiencing hard locks when I stop Suricata or try to restart
> > Suricata. Is anyone else experiencing this?
>
> Can you post the suricata.log or verbose output?
> --build-info as well?
>
suricata.log
---------------
31/5/2016 -- 22:17:17 - <Notice> - This is Suricata version 3.0.1 RELEASE
31/5/2016 -- 22:17:24 - <Warning> - [ERRCODE: SC_ERR_DEPRECATED_CONF(274)]
- Found deprecated eve-log setting "sensor-name". Please set sensor-name
globally.
31/5/2016 -- 22:17:24 - <Error> - [ERRCODE: SC_ERR_NETMAP_CREATE(263)] -
Unable to set flags for iface "ens3f0": Operation not permitted
31/5/2016 -- 22:17:37 - <Notice> - all 28 packet processing threads, 4
management threads initialized, engine started.
--build-info
-----------------
This is Suricata version 3.0.1 RELEASE
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET NETMAP
HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT
HAVE_NSS HAVE_LIBJANSSON TLS
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 5.3.1 20160406 (Red Hat 5.3.1-6), C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.19, linked against LibHTP v0.5.19
Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: yes
DAG enabled: no
Napatech enabled: no
Unix socket enabled: yes
Detection enabled: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
hiredis support: no
Prelude support: no
PCRE jit: yes
LUA support: no
libluajit: no
libgeoip: no
Non-bundled htp: no
Old barnyard2 support: no
CUDA enabled: no
Hyperscan support: no
Suricatasc install: yes
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Profiling enabled: no
Profiling locks enabled: no
Coccinelle / spatch: no
Generic build parameters:
Installation prefix: /opt/suricata
Configuration directory: /opt/suricata/etc/suricata/
Log directory: /var//opt/suricata/log/suricata/
--prefix /opt/suricata
--sysconfdir /opt/suricata/etc
--localstatedir /var//opt/suricata
Host: x86_64-unknown-linux-gnu
Compiler: gcc (exec name) / gcc (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -march=native
PCAP_CFLAGS
SECCFLAGS
>
> Do you see anything else in your systemlos when this happens?
>
Unfortunately there isn't much coming out of the systemd journal at the
time of the hang, mostly just messages from netmap, see:
kernel: *924.656725 [ 473] ixgbe_netmap_configure_srrctl bufsz: 4096
srrctl: 4*
> > I'm running Suricata 3.0.1 with Netmap support on Fedora 23.
>
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> > List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > Suricata User Conference November 9-11 in Washington, DC:
> http://oisfevents.net
>
>
> --
> Andreas Herz
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC:
> http://oisfevents.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160531/6ae62f74/attachment-0002.html>
More information about the Oisf-users
mailing list