[Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1 an latest v1.4beta
Stefan Sabolowitsch
Stefan.Sabolowitsch at felten-group.com
Sat Sep 8 14:41:10 UTC 2012
Hi Peter, Eric,
>>I remember Martin Holste saying something about pgrep...that "pgrep suricata"
>>would not grep Suricata 1.4xxx, one would have to do "pgrep Suricata" - could that be some sort of an issue?
Ahhhh, i will test
# check if PID already running
if [ -z "${PID}" ] || [ $(ps -ef | grep $APP | grep $PID | grep -v grep | wc -l) -eq 0 ]
then
big thanks for your hints and tips :)
Stefan
________________________________
Von: Peter Manev [petermanev at gmail.com]
Gesendet: Samstag, 8. September 2012 16:35
Bis: Stefan Sabolowitsch
Cc: Eric Leblond; oisf-users at openinfosecfoundation.org
Betreff: Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1 an latest v1.4beta
Hi Stefan,
could it be a nsm-sensor issue?
I havn't had that problem with just restarting Suricata, what does "nsm-sensor --restart" do , the code/shell script itself?
I remember Martin Holste saying something about pgrep...that "pgrep suricata" would not grep Suricata 1.4xxx, one would have to do "pgrep Suricata" - could that be some sort of an issue?
thank you
On Sat, Sep 8, 2012 at 4:30 PM, Stefan Sabolowitsch <Stefan.Sabolowitsch at felten-group.com<mailto:Stefan.Sabolowitsch at felten-group.com>> wrote:
Hi Peter, Eric
i use NSMNow from SecurixLive with sguil.
http://www.securixlive.com/nsmnow/index.php
When i take "nsm-sensor --restart" (example update rules set), then i get this problem with 1.4beta (not with v1.3.1).
Best regards
Stefan
________________________________
Von: Peter Manev [petermanev at gmail.com<mailto:petermanev at gmail.com>]
Gesendet: Samstag, 8. September 2012 16:22
Bis: Eric Leblond
Cc: Stefan Sabolowitsch; oisf-users at openinfosecfoundation.org<mailto:oisf-users at openinfosecfoundation.org>
Betreff: Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1 an latest v1.4beta
Hi Stefan,
I have not experienced the same problem.
You mean - you stop Suricata - "Ctrl-C" or you kill the process ?
thanks
On Sat, Sep 8, 2012 at 3:17 PM, Eric Leblond <eric at regit.org<mailto:eric at regit.org>> wrote:
Hi,
Le samedi 08 septembre 2012 à 12:50 +0000, Stefan Sabolowitsch a écrit :
> Peter maybe, i have found the error.
>
> There is a bug in 1.4beta
>
> If suricata will stopped or restarted, the old processes always active
> and new processes will generated therefore this errormessage.
How long are you waiting for suricata to get dead ? The time it takes to
get down may have increase between 1.3.1 and 1.4beta1.
Could you wait a bit to see if it is leaving ?
BR,
>
> On v1.3.1 ist see this error not.
>
>
>
> Best regards
>
> Stefan
>
>
>
>
>
> Von: Peter Manev [mailto:petermanev at gmail.com<mailto:petermanev at gmail.com>]
> Gesendet: Samstag, 8. September 2012 09:11
> An: Stefan Sabolowitsch
> Cc: oisf-users at openinfosecfoundation.org<mailto:oisf-users at openinfosecfoundation.org>
> Betreff: Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1
> an latest v1.4beta
>
>
>
> Hi,
>
> I don't understand - you are getting:
> "thread - "RxPcapbr01". Killing engine."
>
> but everything is ok?
>
> thanks
>
> On Fri, Sep 7, 2012 at 5:54 PM, Stefan Sabolowitsch
> <Stefan.Sabolowitsch at felten-group.com<mailto:Stefan.Sabolowitsch at felten-group.com>> wrote:
>
> Hi all,
> i get this error code on on v1.3.1 an latest v1.4beta.
>
> 7/9/2012 -- 15:35:27 - (tm-threads.c:1687) <Error>
> (TmThreadDisableThreadsWithTMS) -- [ERRCODE: SC_ERR_FATAL(177)] -
> Engine unable to disable detect
> thread - "RxPcapbr01". Killing engine.
>
> But it seems everything is OK ??
> Any idea ?
>
> Thanks
> Stefan
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org<mailto:Oisf-users at openinfosecfoundation.org>
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
>
>
>
> --
>
> Regards,
>
>
> Peter Manev
>
>
>
>
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org<mailto:Oisf-users at openinfosecfoundation.org>
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
--
Eric Leblond
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
--
Regards,
Peter Manev
--
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120908/457eff1a/attachment-0002.html>
More information about the Oisf-users
mailing list