[Discussion] Suricata with PF_RING 4.7

Mohsen Saeedi mohsen.saeedi at gmail.com
Sat Sep 17 16:50:35 UTC 2011


Hi,
I made a suricata 1.0.4 rpm and a pfring 4.7 rpm and installed them with
the new pcap lib on CentOS 6.0. But when I started suricata with the
command below, it reported an error about pfring receive! Please help me.
suricata -c /etc/suricata/suricata.yaml --pfring-int=eth1

[11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
(ReceivePfringThreadInit) -- Going to use cluster-id 99
[11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
(ReceivePfringThreadInit) -- going to use interface eth1
[11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
(ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
[11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
(ReceivePfringThreadInit) -- pfring cluster type cluster_flow
[11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
(ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
[11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
(ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
error  -1
[11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
[11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0
Recv:0 Drop:0 (-nan%).
[11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
(ReceivePfringThreadInit) -- Going to use cluster-id 99
[11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
(TmThreadRestartThread) -- thread "ReceivePfring" restarted

[11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
(ReceivePfringThreadInit) -- going to use interface eth1
[11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
(ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
[11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
(ReceivePfringThreadInit) -- pfring cluster type cluster_flow
[11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
(ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
[11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
(ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
error  -1
[11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
[11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0
Recv:0 Drop:0 (-nan%).
[11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
(TmThreadRestartThread) -- thread "ReceivePfring" restarted

[11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
(ReceivePfringThreadInit) -- Going to use cluster-id 99
[11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
(ReceivePfringThreadInit) -- going to use interface eth1
[11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
(ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
[11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
(ReceivePfringThreadInit) -- pfring cluster type cluster_flow
[11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
(ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
[11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
(ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
error  -1
[11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
[11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0
Recv:0 Drop:0 (-nan%).
[11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
(TmThreadRestartThread) -- thread "ReceivePfring" restarted

[11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
(ReceivePfringThreadInit) -- Going to use cluster-id 99
[11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
(ReceivePfringThreadInit) -- going to use interface eth1
[11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
(ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
[11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
(ReceivePfringThreadInit) -- pfring cluster type cluster_flow
[11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
(ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
[11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
(ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
error  -1
[11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
[11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0
Recv:0 Drop:0 (-nan%).
[11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
(TmThreadRestartThread) -- thread "ReceivePfring" restarted

[11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
(ReceivePfringThreadInit) -- Going to use cluster-id 99
[11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
(ReceivePfringThreadInit) -- going to use interface eth1
[11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
(ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
[11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
(ReceivePfringThreadInit) -- pfring cluster type cluster_flow
[11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
(ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
[11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
(ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
error  -1
[11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
[11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0
Recv:0 Drop:0 (-nan%).
[11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
(TmThreadRestartThread) -- thread "ReceivePfring" restarted

[11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
(ReceivePfringThreadInit) -- Going to use cluster-id 99
[11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
(ReceivePfringThreadInit) -- going to use interface eth1
[11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
(ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
[11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
(ReceivePfringThreadInit) -- pfring cluster type cluster_flow
[11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:289) <Error>
(ReceivePfringThreadInit) -- [ERRCODE:
SC_ERR_PF_RING_SET_CLUSTER_FAILED(37)] - pfring_set_cluster returned
-1 for cluster-id: 99
[11829] 17/9/2011 -- 21:17:48 - (suricata.c:1165) <Info> (main) --
signal received
[11829] 17/9/2011 -- 21:17:48 - (suricata.c:1195) <Info> (main) --
time elapsed 0s
[11841] 17/9/2011 -- 21:17:48 - (flow.c:1107) <Info>
(FlowManagerThread) -- 0 new flows, 0 established flows were timed
out, 0 flows in closed state
[11829] 17/9/2011 -- 21:17:48 - (stream-tcp-reassemble.c:291) <Info>
(StreamTcpReassembleFree) -- Max memuse of the stream reassembly
engine 11292544 (in use 0)
[11829] 17/9/2011 -- 21:17:49 - (stream-tcp.c:487) <Info>
(StreamTcpFreeConfig) -- Max memuse of stream engine 5505024 (in use
0)
[11829] 17/9/2011 -- 21:17:49 - (detect.c:2820) <Info>
(SigAddressCleanupStage1) -- cleaning up signature grouping
structure...
[11829] 17/9/2011 -- 21:17:49 - (detect.c:2835) <Info>
(SigAddressCleanupStage1) -- cleaning up signature grouping
structure... done

--
Seyyed Mohsen Saeedi
سید محسن سعیدی
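
Added example, not part of the original post and not Suricata project code: a small triage helper that rejoins the mail-wrapped log lines in the format shown above, groups `[ERRCODE: ...]` entries by thread id, and counts `TmThreadRestartThread` restarts, so the first failing call stands out from the restart loop. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample in the same wrapped layout as the log in the post above.
SAMPLE = """\
[11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
(ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
[11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
(ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
error  -1
[11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
(TmThreadRestartThread) -- thread "ReceivePfring" restarted

[11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:289) <Error>
(ReceivePfringThreadInit) -- [ERRCODE:
SC_ERR_PF_RING_SET_CLUSTER_FAILED(37)] - pfring_set_cluster returned
-1 for cluster-id: 99
"""

# "[tid] d/m/yyyy -- hh:mm:ss - (file.c:line) <Level>" opens a new record.
RECORD_START = re.compile(r"^\[(\d+)\] \d+/\d+/\d+ -- [\d:]+ - \(([^)]+)\) <(\w+)>")
ERRCODE = re.compile(r"\[ERRCODE:\s*(\w+)\((\d+)\)\]")

def rejoin(text):
    """Merge wrapped continuation lines back into one string per log record."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if RECORD_START.match(line):
            records.append(line)
        elif line and records:          # continuation of the previous record
            records[-1] += " " + line
    return records

def summarize(text):
    """Return ({thread id: [error code names]}, number of thread restarts)."""
    errors, restarts = {}, 0
    for rec in rejoin(text):
        tid, _src, level = RECORD_START.match(rec).groups()
        if "TmThreadRestartThread" in rec:
            restarts += 1
        code = ERRCODE.search(rec)
        if level == "Error" and code:
            errors.setdefault(tid, []).append(code.group(1))
    return errors, restarts

if __name__ == "__main__":
    print(summarize(SAMPLE))
```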


