[Oisf-devel] Suricata dies (core dump) w/ multiple NICs

Eduardo Meyer dudu.meyer at gmail.com
Wed May 20 23:02:51 UTC 2015


I am running Suricata 2.0.8 RELEASE with 3 interfaces, and from time to
time Suricata simply dies. These are the process arguments in use:

root         45492   1.0  1.5 1299164 251564  -  Is    4:20PM    84:38.13
/usr/local/bin/suricata -D -i bridge1 -i bridge2 -i bridge0 --pidfile
/var/run/suricata_bridge0.pid -c /usr/local/etc/suricata/suricata.yaml

I could not find a pattern when Suricata dies. Sometimes it's a high
pps/memory/bandwidth usage profile, sometimes it's a low demand hour with
just a couple pps passing the suricata system.

It never dies with a single interface. It dies for bridged ports, trunked
ports as well as for physical untagged ports, so it does not seem to be
related to virtual or real NICs it's listening at, although I noticed it
dies more frequently on bridged interfaces like the above scenario.

Is there anything I should look at with special attention on suricata.yaml?

I have a suricata.core every time it dies. How can I produce useful
information from it?

Thank you.

Eduardo Meyer
personal: dudu.meyer at gmail.com
professional: ddm.farmaciap at saude.gov.br