[Oisf-users] Daemon mode exits silently, latest git

Darren Spruell phatbuckett at gmail.com
Mon May 7 09:58:04 UTC 2012


OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT 2011
   deraadt at i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
suricata (git) [Suricata version 1.3dev (rev bff2866)]
autoconf-2.61
automake-1.10.3
libtool-1.5.26
gcc version 4.2.1
standard system 'make'
libpcre 8.12
libnet-1.1.2.1
libyaml-0.1.2

Built latest from git; configured as follows:

./configure --sysconfdir=/etc --localstatedir=/var \
    --with-libnet-includes=/usr/local/include/libnet-1.1 \
    --with-libnet-libraries=/usr/local/lib/libnet-1.1

Some sort of issue daemonizing cleanly on this platform?

$ sudo /usr/local/bin/suricata -D -c /etc/suricata/suricata.yaml -i trunk0
[14758] 7/5/2012 -- 00:37:52 - (suricata.c:1171) <Info> (main) -- This
is Suricata version 1.3dev (rev bff2866)
[14758] 7/5/2012 -- 00:37:52 - (util-cpu.c:171) <Info>
(UtilCpuPrintSummary) -- CPUs/cores online: 1
[14758] 7/5/2012 -- 00:37:52 - (util-ioctl.c:91) <Info> (GetIfaceMTU)
-- Found an MTU of 1500 for 'trunk0'
Initialization syslog logging with format "[%i] <%d> -- ".
[14758] 7/5/2012 -- 00:37:52 - (tmqh-flow.c:76) <Info>
(TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow
load balancer

$ echo $?
0

$ pgrep suricata || echo nope
nope

The following is all that appears in syslog and/or suricata.log:

May  7 00:37:52 molodetz suricata: [14758] 7/5/2012 -- 00:37:52 -
(tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using
default "Active Packets" flow load balancer


When suricata is launched to run in foreground, it initializes and
does not abort:

$ sudo /usr/local/bin/suricata -c /etc/suricata/suricata.yaml -i trunk0
[5740] 7/5/2012 -- 00:43:46 - (suricata.c:1171) <Info> (main) -- This
is Suricata version 1.3dev (rev bff2866)
[5740] 7/5/2012 -- 00:43:46 - (util-cpu.c:171) <Info>
(UtilCpuPrintSummary) -- CPUs/cores online: 1
[5740] 7/5/2012 -- 00:43:46 - (util-ioctl.c:91) <Info> (GetIfaceMTU)
-- Found an MTU of 1500 for 'trunk0'
Initialization syslog logging with format "[%i] <%d> -- ".
[5740] 7/5/2012 -- 00:43:46 - (tmqh-flow.c:76) <Info>
(TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow
load balancer
[5740] 7/5/2012 -- 00:43:46 - (suricata.c:1621) <Info> (main) --
preallocated 1024 packets. Total memory 3174400
[5740] 7/5/2012 -- 00:43:46 - (host.c:200) <Info> (HostInitConfig) --
allocated 49152 bytes of memory for the host hash... 4096 buckets of
size 12
[5740] 7/5/2012 -- 00:43:47 - (host.c:223) <Info> (HostInitConfig) --
preallocated 1000 hosts of size 56
[5740] 7/5/2012 -- 00:43:47 - (host.c:225) <Info> (HostInitConfig) --
host memory usage: 105152 bytes, maximum: 16777216
[5740] 7/5/2012 -- 00:43:47 - (flow.c:421) <Info> (FlowInitConfig) --
allocated 786432 bytes of memory for the flow hash... 65536 buckets of
size 12
[5740] 7/5/2012 -- 00:43:47 - (flow.c:445) <Info> (FlowInitConfig) --
preallocated 10000 flows of size 140
[5740] 7/5/2012 -- 00:43:47 - (flow.c:447) <Info> (FlowInitConfig) --
flow memory usage: 2186432 bytes, maximum: 33554432
[5740] 7/5/2012 -- 00:43:47 - (util-magic.c:62) <Info> (MagicInit) --
using magic-file /usr/local/share/file/magic.mgc
...


I enabled debug logging and reran; here are results from suricata.log:


-----
[22634] 7/5/2012 -- 02:45:59 - (util-debug.c:1211) <Debug>
(SCLogLoadConfig) -- sc_log_global_log_level: 8
[22634] 7/5/2012 -- 02:45:59 - (util-debug.c:1212) <Debug>
(SCLogLoadConfig) -- sc_lc->log_format: [%i] %t - (%f:%l) <%d> (%n) --
[22634] 7/5/2012 -- 02:45:59 - (util-debug.c:1213) <Debug>
(SCLogLoadConfig) -- SCLogSetOPFilter: filter: (null)
[22634] 7/5/2012 -- 02:45:59 - (conf.c:262) <Debug> (ConfGet) --
failed to lookup configuration parameter 'defrag.trackers'
[22634] 7/5/2012 -- 02:45:59 - (defrag.c:486) <Debug>
(DefragContextNew) -- Defrag Initialized:
[22634] 7/5/2012 -- 02:45:59 - (defrag.c:487) <Debug>
(DefragContextNew) -- 	Timeout: 60
[22634] 7/5/2012 -- 02:45:59 - (defrag.c:488) <Debug>
(DefragContextNew) -- 	Maximum defrag trackers: 65535
[22634] 7/5/2012 -- 02:45:59 - (defrag.c:489) <Debug>
(DefragContextNew) -- 	Preallocated defrag trackers: 65535
[22634] 7/5/2012 -- 02:45:59 - (defrag.c:490) <Debug>
(DefragContextNew) -- 	Maximum fragments: 65535
[22634] 7/5/2012 -- 02:45:59 - (defrag.c:491) <Debug>
(DefragContextNew) -- 	Preallocated fragments: 16383
[22634] 7/5/2012 -- 02:45:59 - (detect-classtype.c:57) <Debug>
(DetectClasstypeRegister) -- Registering the Classtype keyword handler
[22634] 7/5/2012 -- 02:45:59 - (detect-pcre.c:110) <Debug>
(DetectPcreRegister) -- Using PCRE match-limit setting of: 3500
[22634] 7/5/2012 -- 02:45:59 - (detect-pcre.c:125) <Debug>
(DetectPcreRegister) -- Using PCRE match-limit-recursion setting of:
1500
[22634] 7/5/2012 -- 02:45:59 - (detect-id.c:71) <Debug>
(DetectIdRegister) -- registering id rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-http-method.c:80) <Debug>
(DetectHttpMethodRegister) -- registering http_method rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-tls.c:106) <Debug>
(DetectTlsRegister) -- registering tls.subject rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-tls.c:121) <Debug>
(DetectTlsRegister) -- registering tls.issuerdn rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-tls-version.c:82) <Debug>
(DetectTlsVersionRegister) -- registering tls.version rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-ssh-proto-version.c:86) <Debug>
(DetectSshVersionRegister) -- registering ssh.protoversion rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-ssl-state.c:84) <Debug>
(DetectSslStateRegister) -- registering ssl_state rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-ssh-software-version.c:91)
<Debug> (DetectSshSoftwareVersionRegister) -- registering
ssh.softwareversion rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-ssl-version.c:85) <Debug>
(DetectSslVersionRegister) -- registering ssl_version rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-filename.c:70) <Debug>
(DetectFilenameRegister) -- registering filename rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-fileext.c:71) <Debug>
(DetectFileextRegister) -- registering fileext rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-filestore.c:92) <Debug>
(DetectFilestoreRegister) -- registering filestore rule option
[22634] 7/5/2012 -- 02:45:59 - (detect-filemagic.c:72) <Debug>
(DetectFilemagicRegister) -- registering filemagic rule option
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin sid has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin rev has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin metadata has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin depth has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin offset has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin nocase has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin rawbytes has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin flowvar has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin pktvar has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin noalert has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin (null) has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin tcpv4-csum has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin tcpv6-csum has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin udpv4-csum has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin udpv6-csum has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin icmpv4-csum has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin icmpv6-csum has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin decode-event has no unittest registration
function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin file_data has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin stream-event has no unittest registration
function.
[22634] 7/5/2012 -- 02:45:59 - (detect.c:4544) <Debug> (SigTableSetup)
-- detection plugin filestore has no unittest registration function.
[22634] 7/5/2012 -- 02:45:59 - (conf.c:262) <Debug> (ConfGet) --
failed to lookup configuration parameter 'autofp-scheduler'
[22634] 7/5/2012 -- 02:45:59 - (tmqh-flow.c:76) <Info>
(TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow
load balancer
[22634] 7/5/2012 -- 02:45:59 - (counters.c:311) <Debug>
(SCPerfInitOPCtx) -- Entering ... >>
[22634] 7/5/2012 -- 02:45:59 - (counters.c:385) <Debug>
(SCPerfInitOPCtx) -- Returning ... <<
[22634] 7/5/2012 -- 02:45:59 - (reputation.c:58) <Debug>
(SCReputationInitCtx) -- Reputation IPV4 module initialized
[22634] 7/5/2012 -- 02:45:59 - (reputation.c:66) <Debug>
(SCReputationInitCtx) -- Reputation IPV6 module initialized
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "AlertFastLog" registered.
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "AlertDebugLog" registered.
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "Unified2Alert" registered.
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "AlertSyslog" registered.
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "AlertPcapInfo" registered.
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "LogDropLog" registered.
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "LogHttpLog" registered.
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "PcapLog" registered.
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "LogFileLog" registered.
[22634] 7/5/2012 -- 02:45:59 - (log-file.c:84) <Debug>
(TmModuleLogFileLogRegister) -- registered
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "LogFilestoreLog" registered.
[22634] 7/5/2012 -- 02:45:59 - (output.c:60) <Debug>
(OutputRegisterModule) -- Output module "LogFilestoreLog" registered.
[22634] 7/5/2012 -- 02:45:59 - (log-filestore.c:85) <Debug>
(TmModuleLogFilestoreRegister) -- registered
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- DecodeNFQ:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- VerdictNFQ:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- ReceiveNFQ:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- ReceivePcap:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- ReceivePcapFile:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- DecodePcap:0x1c015170
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- DecodePcapFile:0x1c018a70
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- ReceivePfring:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- DecodePfring:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- Detect:0x1c043660
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- AlertFastLog:0x1c171740
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- AlertFastLogIPv4:0x1c1714c0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- AlertFastLogIPv6:0x1c171190
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- Unified2Alert:0x1c177af0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- AlertPrelude:0x1c173200
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- AlertDebugLog:0x1c1730c0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- AlertSyslog:0x1c178520
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- LogDropLog:0x1c17a6e0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- AlertSyslogIPv4:0x1c1782b0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- AlertSyslogIPv6:0x1c178040
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- RespondReject:0x1c1c4ed0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- LogHttpLog:0x1c17ce50
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- LogHttpLogIPv4:0x1c17ce20
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- LogHttpLogIPv6:0x1c17cdf0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- PcapLog:0x1c180cc0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- LogFileLog:0x1c182820
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- LogFilestoreLog:0x1c185230
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- StreamTcp:0x1c1ab400
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- DecodeIPFW:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- VerdictIPFW:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- ReceiveIPFW:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- ReceiveErfFile:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- DecodeErfFile:0x1c01b300
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- ReceiveErfDag:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- DecodeErfDag:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- NapatechFeed:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- NapatechDecode:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- ReceiveAFP:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- DecodeAFP:0x0
[22634] 7/5/2012 -- 02:45:59 - (tm-modules.c:42) <Debug>
(TmModuleDebugList) -- AlertPcapInfo:0x1c179dc0
[22634] 7/5/2012 -- 02:45:59 - (app-layer-htp.c:397) <Debug>
(AppLayerHtpNeedFileInspection) -- Entering ... >>
[22634] 7/5/2012 -- 02:45:59 - (app-layer-htp.c:382) <Debug>
(AppLayerHtpNeedMultipartHeader) -- Entering ... >>
[22634] 7/5/2012 -- 02:45:59 - (app-layer-htp.c:358) <Debug>
(AppLayerHtpEnableRequestBodyCallback) -- Entering ... >>
[22634] 7/5/2012 -- 02:45:59 - (app-layer-htp.c:360) <Debug>
(AppLayerHtpEnableRequestBodyCallback) -- Returning ... <<
[22634] 7/5/2012 -- 02:45:59 - (app-layer-htp.c:386) <Debug>
(AppLayerHtpNeedMultipartHeader) -- Returning ... <<
[22634] 7/5/2012 -- 02:45:59 - (app-layer-htp.c:358) <Debug>
(AppLayerHtpEnableRequestBodyCallback) -- Entering ... >>
[22634] 7/5/2012 -- 02:45:59 - (app-layer-htp.c:360) <Debug>
(AppLayerHtpEnableRequestBodyCallback) -- Returning ... <<
[22634] 7/5/2012 -- 02:45:59 - (app-layer-htp.c:370) <Debug>
(AppLayerHtpEnableResponseBodyCallback) -- Entering ... >>
[22634] 7/5/2012 -- 02:45:59 - (app-layer-htp.c:372) <Debug>
(AppLayerHtpEnableResponseBodyCallback) -- Returning ... <<
[22634] 7/5/2012 -- 02:45:59 - (app-layer-htp.c:403) <Debug>
(AppLayerHtpNeedFileInspection) -- Returning ... <<
[22634] 7/5/2012 -- 02:45:59 - (util-daemon.c:151) <Debug> (Daemonize)
-- Parent is waiting for child to be ready
[22634] 7/5/2012 -- 02:45:59 - (util-daemon.c:63) <Debug>
(WaitForChild) -- Daemon: Parent waiting for child to be ready...
[22634] 7/5/2012 -- 02:45:59 - (util-daemon.c:155) <Debug> (Daemonize)
-- Child is ready, parent exiting
-----


-- 
Darren Spruell
phatbuckett at gmail.com
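
Added example, not part of the original post and not Suricata code: a parser for the log format shown above that rejoins the mail-wrapped lines and checks whether any PID other than the parent logged after the "Child is ready, parent exiting" handoff. It assumes the daemon child writes to the same log under its own PID; the sample records are constructed from the post's excerpts, and child PID 22635 is hypothetical.

```python
import re

# Record header used in the logs above: "[pid] d/m/yyyy -- hh:mm:ss - (file.c:line)".
# Level, function and message may sit on wrapped continuation lines.
HEADER = re.compile(
    r"^\[(?P<pid>\d+)\] \d+/\d+/\d+ -- [\d:]+ - "
    r"\((?P<src>[^:()]+):(?P<line>\d+)\)\s*(?P<rest>.*)$"
)
HANDOFF = "Child is ready, parent exiting"

# Constructed sample: the last two records of the debug log in the post.
SILENT = """\
[22634] 7/5/2012 -- 02:45:59 - (util-daemon.c:151) <Debug> (Daemonize)
-- Parent is waiting for child to be ready
[22634] 7/5/2012 -- 02:45:59 - (util-daemon.c:155) <Debug> (Daemonize)
-- Child is ready, parent exiting
"""
# Constructed sample: same handoff, then a record from a hypothetical child PID.
HEALTHY = SILENT + """\
[22635] 7/5/2012 -- 02:46:00 - (suricata.c:1621) <Info> (main) --
preallocated 1024 packets. Total memory 3174400
"""


def parse_records(text):
    """Rejoin wrapped continuation lines; return one dict per log record."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            records.append(rec)
        elif records and raw.strip():
            # No "[pid] date" header: this line continues the previous record.
            records[-1]["rest"] += " " + raw.strip()
    return records


def daemon_handoff_status(text):
    """Report whether a child PID kept logging after the parent exited."""
    records = parse_records(text)
    handoffs = [i for i, r in enumerate(records)
                if r["src"] == "util-daemon.c" and HANDOFF in r["rest"]]
    if not handoffs:
        return "no-handoff"
    parent = records[handoffs[-1]]["pid"]
    later = records[handoffs[-1] + 1:]
    return "child-logged" if any(r["pid"] != parent for r in later) else "child-silent"
```

A "child-silent" result matches the symptom in the post: the parent reports success and exits 0, yet nothing from the daemon process ever reaches the log.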
