[Oisf-devel] tcp.ssn_memcap_drop
Martin Holste
mcholste at gmail.com
Wed Sep 21 18:57:14 UTC 2011
Cool, thanks.
On Wed, Sep 21, 2011 at 1:47 PM, Chris Wakelin
<c.d.wakelin at reading.ac.uk> wrote:
> On 21/09/11 19:34, Martin Holste wrote:
>> Care to share the script? The crashes are associated with load: more
>> packets means greater chance of crash, so I'm going to have to setup a
>> script to restart. I've been running suri out of gdb.
>>
>
> Not particularly elegant, but here goes! I run it every 10 minutes via
> cron. If the core file exists already, I think Suricata won't overwrite
> so I've sometimes got identical backtraces! Unfortunately, I don't have
> the space to archive the cores manually, even gzipped.
>
> Best Wishes,
> Chris
>
>
> cat /opt/RDGsuricata/local/check-suricata.sh :-
>
> #! /bin/sh
>
> LOGDIR=/var/log/suricata
> LOGFILE=$LOGDIR/suricata.log
> SURICATA=/opt/RDGsuricata/bin/suricata
>
> DATE=`date '+%Y-%m-%d-%H%M%S'`
>
> # Check eth1 is up and "up" it if not (e.g. after reboot)
> /sbin/ifconfig eth1 | grep -s "UP BROADCAST" > /dev/null ||
> (/sbin/ifconfig eth1 up; ethtool -G eth1 rx 4096)
>
> pgrep -x `basename $SURICATA` > /dev/null
> if [ $? -ne 0 ]; then
> if [ -s $LOGDIR/core ] ; then
> gdb -x /opt/RDGsuricata/local/gdb-commands $SURICATA $LOGDIR/core >
> $LOGDIR/core.bt.$DATE
> # rm $LOGDIR/core
> fi
> mv $LOGFILE $LOGFILE.$DATE
> cd $LOGDIR
> $SURICATA --pfring-int eth1 -c /etc/suricata/suricata.yaml -D
> fi
>
> cat /opt/RDGsuricata/local/gdb-commands :-
>
> bt full
> quit
>
> --
> --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
> Christopher Wakelin, c.d.wakelin at reading.ac.uk
> IT Services Centre, The University of Reading, Tel: +44 (0)118 378 2908
> Whiteknights, Reading, RG6 6AF, UK Fax: +44 (0)118 975 3094
>
More information about the Oisf-devel
mailing list