[Oisf-devel] Suricata rule reloading mem leak

Breno Silva breno.silva at gmail.com
Mon Sep 17 20:07:46 UTC 2018


I'm looking at my logs and it takes ~100 reloads to crash.
But I'm not sure if the number of rules will change it or not.

On Mon, Sep 17, 2018 at 5:06 PM Breno Silva <breno.silva at gmail.com> wrote:

> Victor,
>
> Suricata 4.0.4
> It reports:
> 11/9/2018 -- 13:11:22 - <Notice> - rule reload complete
> 11/9/2018 -- 13:11:48 - <Notice> - rule reload starting
> 11/9/2018 -- 13:12:19 - <Error> - [ERRCODE: SC_ERR_MEM_ALLOC(1)] - Error
> allocating memory
> ...
>
> 12/9/2018 -- 07:38:49 - <Notice> - rule reload complete
> 12/9/2018 -- 07:39:46 - <Notice> - rule reload starting
> 12/9/2018 -- 07:40:17 - <Error> - [ERRCODE: SC_ERR_MEM_ALLOC(1)] - Error
> allocating memory
> ...
>
> 12/9/2018 -- 10:01:54 - <Notice> - rule reload complete
> 12/9/2018 -- 10:02:52 - <Notice> - rule reload starting
> 12/9/2018 -- 10:03:24 - <Error> - [ERRCODE: SC_ERR_MEM_ALLOC(1)] - Error
> allocating memory
> ...
>
> 12/9/2018 -- 14:00:09 - <Notice> - rule reload complete
> 12/9/2018 -- 14:01:04 - <Notice> - rule reload starting
> 12/9/2018 -- 14:01:37 - <Error> - [ERRCODE: SC_ERR_MEM_ALLOC(1)] - Error
> allocating memory
>
> On Mon, Sep 17, 2018 at 5:01 PM Victor Julien <lists at inliniac.net> wrote:
>
>> On 17-09-18 21:55, Breno Silva wrote:
>> > I have a tool that monitors all my interfaces' IPv4/IPv6 addresses and
>> > when they change, the tool redefines HOME_NET and sends a signal to
>> > Suricata for rule reloading. It looks like there is a memory leak when it
>> > happens, and the Suricata process memory increases until it crashes.
>> >
>> > All YAML files exist and are successfully loaded.
>>
>> Can you add some relevant info? What suri version, what did you try
>> already, how often does it reload before the crash, what kind of crash,
>> etc?
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
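One way to answer the "how often does it reload before the crash" question from suricata.log itself, added here as an example and not part of the original thread or of Suricata's code: it pairs each "rule reload starting" line with what followed it. The names `SAMPLE_LOG`, `LINE_RE` and `reload_outcomes` are hypothetical, and the sample lines are constructed in the log format quoted above.

```python
import re
from datetime import datetime

# Constructed sample in the suricata.log format quoted in the thread.
SAMPLE_LOG = """\
11/9/2018 -- 13:10:50 - <Notice> - rule reload starting
11/9/2018 -- 13:11:22 - <Notice> - rule reload complete
11/9/2018 -- 13:11:48 - <Notice> - rule reload starting
11/9/2018 -- 13:12:19 - <Error> - [ERRCODE: SC_ERR_MEM_ALLOC(1)] - Error allocating memory
12/9/2018 -- 07:38:10 - <Notice> - rule reload starting
12/9/2018 -- 07:38:49 - <Notice> - rule reload complete
12/9/2018 -- 07:39:46 - <Notice> - rule reload starting
12/9/2018 -- 07:40:17 - <Error> - [ERRCODE: SC_ERR_MEM_ALLOC(1)] - Error allocating memory
"""

# "<day>/<month>/<year> -- HH:MM:SS - <Level> - message"
LINE_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} -- \d{2}:\d{2}:\d{2}) - <(\w+)> - (.*)$")

def reload_outcomes(log_text):
    """Return (summary, failures) for every rule reload found in log_text."""
    summary = {"completed": 0, "alloc_failed": 0, "unfinished": 0}
    failures, started, streak = [], None, 0
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:  # blank lines and wrapped continuations carry no timestamp
            continue
        ts = datetime.strptime(m.group(1), "%d/%m/%Y -- %H:%M:%S")
        msg = m.group(3)
        if msg == "rule reload starting":
            if started is not None:  # previous reload never reported an outcome
                summary["unfinished"] += 1
            started = ts
        elif started is None:
            continue  # not inside a reload window, ignore
        elif msg == "rule reload complete":
            summary["completed"] += 1
            streak += 1
            started = None
        elif "SC_ERR_MEM_ALLOC" in msg:
            summary["alloc_failed"] += 1
            # (reload start, seconds until the error, successful reloads before it)
            failures.append((started, (ts - started).total_seconds(), streak))
            streak, started = 0, None
    if started is not None:
        summary["unfinished"] += 1
    return summary, failures

if __name__ == "__main__":
    print(reload_outcomes(SAMPLE_LOG))
```

Run against the full log, the third field of each failure gives the number of successful reloads that preceded it, which can be compared across rule-set sizes.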