[Oisf-devel] Suricata 1.3.4 freezing with 100% CPU Consumption

Eduardo Meyer dudu.meyer at gmail.com
Fri Aug 23 20:09:41 UTC 2013


Just to complete this thread, it worked just fine :)

Thank you all!


On Fri, Aug 23, 2013 at 12:48 PM, Peter Manev <petermanev at gmail.com> wrote:

> On Thu, Aug 22, 2013 at 1:55 AM, Eduardo Meyer <dudu.meyer at gmail.com>
> wrote:
> > Dear rmkml,
> >
> > I did it. On firt run, it stucked on startup at full CPU usage, as
> Suricata
> > always does when it starts. But it never came back, looped 100% CPU usage
> > forever.
> >
> > I killed it 4 minutes later. Restarted and now it is running fine,
> almost 2h
> > without any issue. Seems more stable, besides that strange first startup.
> >
> > I will keep monitoring its behavior, thanks for suggesting the obvious. I
> > relied on FreeBSD ports and was sure I was running latest, seems I am so
> > wrong ;-)
> >
> > Meanwhile, what causes this warning?
> >
> > 21/8/2013 -- 19:04:16 - <Warning> - [ERRCODE:
> SC_WARN_OUTDATED_LIBHTP(202)]
> > - libhtp < 0.2.7 detected. Keyword http_raw_header will not be able to
> > inspect response headers.
> >
> > According to the message it seems that my libhtp is old, minor than
> 0.2.7.
> > However it's 3.0:
> >
> > # ldd /usr/local/bin/suricata
> > /usr/local/bin/suricata:
> >     libmagic.so.4 => /usr/lib/libmagic.so.4 (0x80093c000)
> >     libhtp-0.3.so.1 => /usr/local/lib/libhtp-0.3.so.1 (0x800a55000)
> >     libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x800b6e000)
> >     libz.so.5 => /lib/libz.so.5 (0x800d68000)
> >     libpcap.so.7 => /lib/libpcap.so.7 (0x800e7d000)
> >     libnet.so.8 => /usr/local/lib/libnet11/libnet.so.8 (0x800fae000)
> >     libthr.so.3 => /lib/libthr.so.3 (0x8010c6000)
> >     libyaml-0.so.2 => /usr/local/lib/libyaml-0.so.2 (0x8011df000)
> >     libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x8012fe000)
> >     libc.so.7 => /lib/libc.so.7 (0x801458000)
> > # pkg_info -x libhtp
> > Information for libhtp-0.3.0_2:
> >
> > Comment:
> > Security-aware parser for the HTTP protocol
> >
> > Should I care about this warning?
>
>
> As suggested by rmkml an upgrade to 1.4.5 is strongly recommended !
>
> >
> >
> > On Wed, Aug 21, 2013 at 6:18 PM, rmkml <rmkml at yahoo.fr> wrote:
> >>
> >> Hi Eduardo,
> >> Could you try with latest v1.4.5 if you have same pb please ?
> >> Regards
> >> @Rmkml
> >>
> >>
>
>
> --
> Regards,
> Peter Manev
>



-- 
===========
Eduardo Meyer
pessoal: dudu.meyer at gmail.com
profissional: ddm.farmaciap at saude.gov.br
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20130823/5eb91be0/attachment-0002.html>


More information about the Oisf-devel mailing list