[Oisf-devel] tcp.ssn_memcap_drop
Chris Wakelin
c.d.wakelin at reading.ac.uk
Wed Sep 21 18:47:37 UTC 2011
On 21/09/11 19:34, Martin Holste wrote:
> Care to share the script? The crashes are associated with load: more
> packets means greater chance of crash, so I'm going to have to set up a
> script to restart. I've been running suri out of gdb.
>
Not particularly elegant, but here goes! I run it every 10 minutes via
cron. If the core file exists already, I think Suricata won't overwrite
so I've sometimes got identical backtraces! Unfortunately, I don't have
the space to archive the cores manually, even gzipped.
Best Wishes,
Chris
cat /opt/RDGsuricata/local/check-suricata.sh :-

#! /bin/sh
# Watchdog run from cron: restart Suricata if it is not running and
# save a backtrace from any core file left behind.
LOGDIR=/var/log/suricata
LOGFILE=$LOGDIR/suricata.log
SURICATA=/opt/RDGsuricata/bin/suricata
DATE=`date '+%Y-%m-%d-%H%M%S'`

# Check eth1 is up and "up" it if not (e.g. after reboot)
/sbin/ifconfig eth1 | grep -s "UP BROADCAST" > /dev/null ||
    (/sbin/ifconfig eth1 up; ethtool -G eth1 rx 4096)

# Only act when no suricata process is running
pgrep -x `basename $SURICATA` > /dev/null
if [ $? -ne 0 ]; then
    if [ -s $LOGDIR/core ] ; then
        # Dump a full backtrace from the core into a timestamped file
        gdb -x /opt/RDGsuricata/local/gdb-commands $SURICATA $LOGDIR/core > $LOGDIR/core.bt.$DATE
        # rm $LOGDIR/core
    fi
    # Rotate the old log, then start Suricata as a daemon from LOGDIR
    mv $LOGFILE $LOGFILE.$DATE
    cd $LOGDIR
    $SURICATA --pfring-int eth1 -c /etc/suricata/suricata.yaml -D
fi

cat /opt/RDGsuricata/local/gdb-commands :-

bt full
quit
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 2908
Whiteknights, Reading, RG6 6AF, UK Fax: +44 (0)118 975 3094
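
The identical backtraces mentioned in the message come from running gdb again on a core file that is still in place. The following is an added example, not part of the original post or of Suricata: it records a size-and-mtime fingerprint so each core is processed only once. The names process_core, take_backtrace and core.seen are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: write one backtrace per distinct core file.
# process_core, take_backtrace and core.seen are hypothetical names.

# Fingerprint a core as "size-mtime" (assumes GNU stat, as on Linux).
core_fingerprint() {
    stat -c '%s-%Y' "$1"
}

# Run gdb non-interactively; kept separate so it can be swapped out.
take_backtrace() {   # args: BINARY CORE
    gdb -batch -ex 'bt full' "$1" "$2"
}

# process_core CORE BINARY OUTDIR
# Returns 0 if a new backtrace was written, 1 if there was nothing new
# to do (no core, or same core as last run), 2 on failure.
process_core() {
    core=$1; binary=$2; outdir=$3
    stamp="$outdir/core.seen"
    [ -s "$core" ] || return 1
    fp=$(core_fingerprint "$core") || return 2
    if [ -f "$stamp" ] && [ "$(cat "$stamp")" = "$fp" ]; then
        return 1
    fi
    out="$outdir/core.bt.$(date '+%Y-%m-%d-%H%M%S')"
    if take_backtrace "$binary" "$core" > "$out.tmp" 2>&1; then
        mv "$out.tmp" "$out"
        printf '%s\n' "$fp" > "$stamp"
        return 0
    fi
    rm -f "$out.tmp"
    return 2
}

# Stand-alone use: check-core.sh CORE BINARY OUTDIR
if [ "$#" -eq 3 ]; then
    process_core "$@"
fi
```

The stamp is written only after the backtrace file is in place, so a failed gdb run is retried on the next cron pass.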