[Oisf-devel] Suricata 1.3.4 freezing with 100% CPU Consumption

Peter Manev petermanev at gmail.com
Fri Aug 23 15:48:55 UTC 2013


On Thu, Aug 22, 2013 at 1:55 AM, Eduardo Meyer <dudu.meyer at gmail.com> wrote:
> Dear rmkml,
>
> I did it. On first run, it got stuck on startup at full CPU usage, as Suricata
> always does when it starts. But it never came back, looped 100% CPU usage
> forever.
>
> I killed it 4 minutes later. Restarted and now it is running fine, almost 2h
> without any issue. Seems more stable, besides that strange first startup.
>
> I will keep monitoring its behavior, thanks for suggesting the obvious. I
> relied on FreeBSD ports and was sure I was running latest, seems I am so
> wrong ;-)
>
> Meanwhile, what causes this warning?
>
> 21/8/2013 -- 19:04:16 - <Warning> - [ERRCODE: SC_WARN_OUTDATED_LIBHTP(202)]
> - libhtp < 0.2.7 detected. Keyword http_raw_header will not be able to
> inspect response headers.
>
> According to the message it seems that my libhtp is old, lower than 0.2.7.
> However it's 3.0:
>
> # ldd /usr/local/bin/suricata
> /usr/local/bin/suricata:
>     libmagic.so.4 => /usr/lib/libmagic.so.4 (0x80093c000)
>     libhtp-0.3.so.1 => /usr/local/lib/libhtp-0.3.so.1 (0x800a55000)
>     libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x800b6e000)
>     libz.so.5 => /lib/libz.so.5 (0x800d68000)
>     libpcap.so.7 => /lib/libpcap.so.7 (0x800e7d000)
>     libnet.so.8 => /usr/local/lib/libnet11/libnet.so.8 (0x800fae000)
>     libthr.so.3 => /lib/libthr.so.3 (0x8010c6000)
>     libyaml-0.so.2 => /usr/local/lib/libyaml-0.so.2 (0x8011df000)
>     libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x8012fe000)
>     libc.so.7 => /lib/libc.so.7 (0x801458000)
> # pkg_info -x libhtp
> Information for libhtp-0.3.0_2:
>
> Comment:
> Security-aware parser for the HTTP protocol
>
> Should I care about this warning?


As suggested by rmkml, an upgrade to 1.4.5 is strongly recommended!

>
>
> On Wed, Aug 21, 2013 at 6:18 PM, rmkml <rmkml at yahoo.fr> wrote:
>>
>> Hi Eduardo,
>> Could you try with the latest v1.4.5 to see if you have the same problem, please?
>> Regards
>> @Rmkml
>>
>>


-- 
Regards,
Peter Manev


