[Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1 an latest v1.4beta

Peter Manev petermanev at gmail.com
Sat Sep 8 14:35:36 UTC 2012


Hi Stefan,

could it be a nsm-sensor issue?
I havn't had that problem with just restarting Suricata, what does
"nsm-sensor --restart" do , the code/shell script itself?

I remember Martin Holste saying something about pgrep...that "pgrep
suricata"  would not grep Suricata 1.4xxx, one would have to do "pgrep
Suricata" - could that be some sort of an issue?

thank you


On Sat, Sep 8, 2012 at 4:30 PM, Stefan Sabolowitsch <
Stefan.Sabolowitsch at felten-group.com> wrote:

>  Hi Peter, Eric
> i use NSMNow from SecurixLive with sguil.
>
> http://www.securixlive.com/nsmnow/index.php
>
> When i take "nsm-sensor --restart" (example update rules set), then i get
> this problem with 1.4beta (not with v1.3.1).
>
> Best regards
> Stefan
>  ------------------------------
> *Von:* Peter Manev [petermanev at gmail.com]
> *Gesendet:* Samstag, 8. September 2012 16:22
> *Bis:* Eric Leblond
> *Cc:* Stefan Sabolowitsch; oisf-users at openinfosecfoundation.org
>
> *Betreff:* Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1 an
> latest v1.4beta
>
>  Hi Stefan,
>
> I have not experienced the same problem.
> You mean - you stop Suricata - "Ctrl-C" or you kill the process ?
>
> thanks
>
> On Sat, Sep 8, 2012 at 3:17 PM, Eric Leblond <eric at regit.org> wrote:
>
>> Hi,
>>
>> Le samedi 08 septembre 2012 à 12:50 +0000, Stefan Sabolowitsch a écrit :
>> > Peter maybe,  i have found the error.
>> >
>> > There is a bug in 1.4beta
>> >
>> > If suricata will stopped or restarted, the old processes always active
>> > and new processes will generated therefore this errormessage.
>>
>>  How long are you waiting for suricata to get dead ? The time it takes to
>> get down may have increase between 1.3.1 and 1.4beta1.
>>
>> Could you wait a bit to see if it is leaving ?
>>
>> BR,
>>
>> >
>> > On v1.3.1 ist see this error not.
>> >
>> >
>> >
>> > Best regards
>> >
>> > Stefan
>> >
>> >
>> >
>> >
>> >
>> > Von: Peter Manev [mailto:petermanev at gmail.com]
>> > Gesendet: Samstag, 8. September 2012 09:11
>> > An: Stefan Sabolowitsch
>> > Cc: oisf-users at openinfosecfoundation.org
>> > Betreff: Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1
>> > an latest v1.4beta
>> >
>> >
>> >
>> > Hi,
>> >
>> > I don't understand - you are getting:
>> > "thread - "RxPcapbr01".  Killing engine."
>> >
>> > but everything is ok?
>> >
>> > thanks
>> >
>> > On Fri, Sep 7, 2012 at 5:54 PM, Stefan Sabolowitsch
>> > <Stefan.Sabolowitsch at felten-group.com> wrote:
>> >
>> > Hi all,
>> > i get this error code on on v1.3.1 an latest v1.4beta.
>> >
>> > 7/9/2012 -- 15:35:27 - (tm-threads.c:1687) <Error>
>> > (TmThreadDisableThreadsWithTMS) -- [ERRCODE: SC_ERR_FATAL(177)] -
>> > Engine unable to disable detect
>> > thread - "RxPcapbr01".  Killing engine.
>> >
>> > But it seems everything is OK ??
>> > Any idea ?
>> >
>> > Thanks
>> > Stefan
>> > _______________________________________________
>> > Oisf-users mailing list
>> > Oisf-users at openinfosecfoundation.org
>> > https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > Regards,
>> >
>> >
>> > Peter Manev
>> >
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > Oisf-users mailing list
>> > Oisf-users at openinfosecfoundation.org
>> > https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>> --
>>  Eric Leblond
>> Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
>>
>
>
>
> --
> Regards,
> Peter Manev
>
>


-- 
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120908/4009845c/attachment-0002.html>


More information about the Oisf-users mailing list