[Oisf-users] suricata

Константин Хабаров k.khabarov at krasnodar.pro
Thu Jun 7 11:44:09 UTC 2012


Hi all, I use Suricata engine version 1.2.1.
It worked fine for a month, but then it started crashing. Now it can
work for 1-2 days and crash, but it can also crash after 5-10 minutes of working.

Here is my Suricata output:

7/6/2012 -- 14:44:57 - <Info> - This is Suricata version 1.2.1 RELEASE
7/6/2012 -- 14:44:57 - <Info> - CPUs/cores online: 4
7/6/2012 -- 14:44:57 - <Info> - Found an MTU of 1500 for 'eth1'
7/6/2012 -- 14:44:57 - <Info> - Using PCRE match-limit setting of: 3500
7/6/2012 -- 14:44:57 - <Info> - preallocated 50 packets. Total memory 156000
7/6/2012 -- 14:44:57 - <Info> - allocated 524288 bytes of memory for the
flow hash... 65536 buckets of size 8
7/6/2012 -- 14:44:57 - <Info> - preallocated 10000 flows of size 168
7/6/2012 -- 14:44:57 - <Info> - flow memory usage: 2204288 bytes, maximum:
33554432
7/6/2012 -- 14:45:03 - <Info> - 1 rule files processed. 11833 rules
succesfully loaded, 0 rules failed
7/6/2012 -- 14:45:15 - <Info> - 11841 signatures processed. 724 are IP-only
rules, 3627 are inspecting packet payload, 8959 inspect application layer,
0 are decoder event only
7/6/2012 -- 14:45:15 - <Info> - building signature grouping structure,
stage 1: adding signatures to signature source addresses... complete
7/6/2012 -- 14:45:15 - <Info> - building signature grouping structure,
stage 2: building source address list... complete
7/6/2012 -- 14:45:17 - <Info> - building signature grouping structure,
stage 3: building destination address lists... complete
7/6/2012 -- 14:45:19 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error
opening file: "threshold.config": No such file or directory
7/6/2012 -- 14:45:19 - <Info> - Core dump size set to unlimited.
7/6/2012 -- 14:45:19 - <Info> - Unified2-alert initialized: filename
suricata.u2, limit 32 MB
7/6/2012 -- 14:45:19 - <Info> - Using 1 live device(s).
7/6/2012 -- 14:45:19 - <Info> - Unable to find pcap config for interface
eth1, using default value
7/6/2012 -- 14:45:19 - <Info> - using interface eth1
7/6/2012 -- 14:45:19 - <Info> - Running in 'auto' checksum mode. Detection
of interface state will require 1000 packets.
7/6/2012 -- 14:45:19 - <Info> - RunModeIdsPcapAuto initialised
7/6/2012 -- 14:45:19 - <Info> - stream "max_sessions": 262144
7/6/2012 -- 14:45:19 - <Info> - stream "prealloc_sessions": 32768
7/6/2012 -- 14:45:19 - <Info> - stream "memcap": 33554432
7/6/2012 -- 14:45:19 - <Info> - stream "midstream" session pickups: disabled
7/6/2012 -- 14:45:19 - <Info> - stream "async_oneside": disabled
7/6/2012 -- 14:45:19 - <Info> - stream "checksum_validation": enabled
7/6/2012 -- 14:45:19 - <Info> - stream."inline": disabled
7/6/2012 -- 14:45:19 - <Info> - stream.reassembly "memcap": 67108864
7/6/2012 -- 14:45:19 - <Info> - stream.reassembly "depth": 1048576
7/6/2012 -- 14:45:19 - <Info> - stream.reassembly "toserver_chunk_size":
2560
7/6/2012 -- 14:45:19 - <Info> - stream.reassembly "toclient_chunk_size":
2560
7/6/2012 -- 14:45:19 - <Info> - all 10 packet processing threads, 1
management threads initialized, engine started.
7/6/2012 -- 14:45:22 - <Info> - No packets with invalid checksum, assuming
checksum offloading is NOT used
Segmentation fault (core dumped)

I get a segmentation fault error after 5 minutes of working.

I see an error opening "threshold.config", but I don't use it in my
suricata.yaml config file.