[Oisf-users] New Suricata install crashes on Windows

Victor Julien victor at inliniac.net
Tue Jun 5 19:34:16 UTC 2012


On 06/05/2012 08:54 PM, J. Oquendo wrote:
> 
> Hey everyone, I just went through a clean install via the msi on the 
> site, on a W2K3 machine. No matter what rules I use, the application 
> seems to crash:
> 
> C:\Suricata>suricata.exe -c suricata.yaml -i 22.21.20.19 -s 
> rules\emerging-web_server.rules
> 5/6/2012 -- 14:36:00 - <Info> - translated 22.21.20.19 to pcap device 
> \Device\NPF_{02858509-0BC6-4461-8626-3CB0251A21CA}
> 5/6/2012 -- 14:36:00 - <Info> - This is Suricata version 1.2.1 RELEASE
> 5/6/2012 -- 14:36:00 - <Info> - CPUs/cores online: 2
> 5/6/2012 -- 14:36:00 - <Info> - Failure when trying to get MTU via ioctl: 22
> 5/6/2012 -- 14:36:00 - <Info> - Using PCRE match-limit setting of: 35000

This says 35000

>        3 [main] suricata 5308 exception::handle: Exception: 
> STATUS_ILLEGAL_INSTRUCTION
>     1514 [main] suricata 5308 open_stackdumpfile: Dumping stack trace to 
> suricata.exe.stackdump
> 
> Thought it had something to do with mtu settings, so I opened 
> suricata.yaml modified the MTU to 1514, tried again:
> 
> C:\Suricata>suricata.exe -c suricata.yaml -i 22.21.20.19 -s 
> rules\emerging-web_server.rules
> 5/6/2012 -- 14:37:15 - <Info> - translated 22.21.20.19 to pcap device 
> \Device\NPF_{02858509-0BC6-4461-8626-3CB0251A21CA}
> 5/6/2012 -- 14:37:15 - <Info> - This is Suricata version 1.2.1 RELEASE
> 5/6/2012 -- 14:37:15 - <Info> - CPUs/cores online: 2
> 5/6/2012 -- 14:37:15 - <Info> - Using PCRE match-limit setting of: 3500

This says 3500, did you change it?

>        3 [main] suricata 976 exception::handle: Exception: 
> STATUS_ILLEGAL_INSTRUCTION
>     4623 [main] suricata 976 open_stackdumpfile: Dumping stack trace to 
> suricata.exe.stackdump

I have no experience with analyzing windows stackdumps. Any way to get
more info out of them?

> From time to time, I have seen equipment dislike even that MTU of 1514 
> so I also tried 1500, still the same. I thought rules, but wouldn't make 
> sense to me. Doesn't matter what rules I try, suricata always crashes. 
> Any pointers on how to resolve this? I tried Googling this issue before 
> posting, closest I got was: 
> http://code.google.com/p/security-onion/issues/detail?id=26
> 

Did you try rerunning configure with --disable-gccmarch-native and then
a make clean && make?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
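The suggestion above points at a build made with -march=native: gcc then emits instructions for the CPU the binary was compiled on, and running it on an older CPU raises STATUS_ILLEGAL_INSTRUCTION. The following script is an added example, not code from this thread or from the Suricata project. It takes objdump-style disassembly text plus the target CPU's flag list and reports mnemonics whose ISA extension the CPU does not advertise. The mnemonic-to-flag table is a small hand-picked subset (an assumption, not a complete ISA reference), and the disassembly and flag sets are constructed sample data.

```python
"""Flag instructions in a disassembly that need an ISA extension the
target CPU lacks. Meant for the case in the thread: a binary built
with -march=native on one machine crashing with an illegal-instruction
exception on another. Constructed example; not Suricata code."""
import re

# Illustrative subset mapping a mnemonic to the CPU feature flag (as
# spelled in /proc/cpuinfo-style flag lists) that guarantees support.
# Assumption: this is deliberately incomplete, extend it for real use.
MNEMONIC_FLAG = {
    "pshufb": "ssse3",
    "palignr": "ssse3",
    "ptest": "sse4_1",
    "pblendvb": "sse4_1",
    "pcmpistri": "sse4_2",
    "crc32": "sse4_2",
    "popcnt": "popcnt",
    "vpxor": "avx",
    "vmovdqu": "avx",
    "vpaddd": "avx",
}

# An objdump -d line looks like:
#   "  401003:\tf3 0f b8 c6\tpopcnt %esi,%eax"
# address, colon, opcode bytes, then the mnemonic. Symbol headers such as
# "0000000000401000 <f>:" have no bytes after the colon and do not match.
_INSN_RE = re.compile(r"^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s+)+\s*([a-z0-9]+)")

# Constructed disassembly of a hypothetical pattern-matching routine; the
# mix of popcnt/SSE4.2/AVX is typical of what -march=native produces on a
# modern build host.
DISASSEMBLY = (
    "0000000000401000 <match_prefilter>:\n"
    "  401000:\t48 89 f8             \tmov    %rdi,%rax\n"
    "  401003:\tf3 0f b8 c6          \tpopcnt %esi,%eax\n"
    "  401007:\t66 0f 3a 63 c1 0c    \tpcmpistri $0xc,%xmm1,%xmm0\n"
    "  40100d:\tc5 f9 ef c0          \tvpxor  %xmm0,%xmm0,%xmm0\n"
    "  401011:\tc3                   \tretq\n"
)

# Constructed flag sets: an older server CPU versus the build host.
OLD_CPU_FLAGS = {"fpu", "mmx", "sse", "sse2", "sse3"}
BUILD_HOST_FLAGS = OLD_CPU_FLAGS | {"ssse3", "sse4_1", "sse4_2", "popcnt", "avx"}


def mnemonics(disassembly):
    """Return the instruction mnemonics found in objdump-style text, in order."""
    found = []
    for line in disassembly.splitlines():
        m = _INSN_RE.match(line)
        if m:
            found.append(m.group(1))
    return found


def unsupported_instructions(disassembly, cpu_flags):
    """Map each mnemonic whose required flag is absent from cpu_flags to that flag."""
    flags = set(cpu_flags)
    missing = {}
    for mn in mnemonics(disassembly):
        needed = MNEMONIC_FLAG.get(mn)
        if needed and needed not in flags:
            missing.setdefault(mn, needed)
    return missing


if __name__ == "__main__":
    for label, flags in (("old CPU", OLD_CPU_FLAGS), ("build host", BUILD_HOST_FLAGS)):
        bad = unsupported_instructions(DISASSEMBLY, flags)
        if bad:
            print(f"{label}: would fault on " + ", ".join(f"{k} (needs {v})" for k, v in bad.items()))
        else:
            print(f"{label}: no unsupported instructions in the sample")
```

On a real binary, feed it the text of `objdump -d suricata.exe` and the flag list of the machine that crashes; any hit confirms the -march=native diagnosis and the rebuild with --disable-gccmarch-native is the fix.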
