[Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1 an latest v1.4beta

Peter Manev petermanev at gmail.com
Sat Sep 8 14:47:25 UTC 2012 

np, glad if you make it work :)

On Sat, Sep 8, 2012 at 4:41 PM, Stefan Sabolowitsch <
Stefan.Sabolowitsch at felten-group.com> wrote:

>  Hi Peter, Eric,
>
>
> >>I remember Martin Holste saying something about pgrep...that "pgrep
> suricata"
> >>would not grep Suricata 1.4xxx, one would have to do "pgrep Suricata" -
> could that be some sort of an issue?
>
> Ahhhh, i will test
> # check if PID already running
>         if [ -z "${PID}" ] || [ $(ps -ef | grep $APP | grep $PID | grep -v
> grep | wc -l) -eq 0 ]
>         then
>
> big thanks for your hints and tips :)
>
> Stefan
>
>  ------------------------------
> *Von:* Peter Manev [petermanev at gmail.com]
> *Gesendet:* Samstag, 8. September 2012 16:35
> *Bis:* Stefan Sabolowitsch
> *Cc:* Eric Leblond; oisf-users at openinfosecfoundation.org
>
> *Betreff:* Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1 an
> latest v1.4beta
>
>  Hi Stefan,
>
> could it be a nsm-sensor issue?
> I havn't had that problem with just restarting Suricata, what does
> "nsm-sensor --restart" do , the code/shell script itself?
>
> I remember Martin Holste saying something about pgrep...that "pgrep
> suricata"  would not grep Suricata 1.4xxx, one would have to do "pgrep
> Suricata" - could that be some sort of an issue?
>
> thank you
>
>
> On Sat, Sep 8, 2012 at 4:30 PM, Stefan Sabolowitsch <
> Stefan.Sabolowitsch at felten-group.com> wrote:
>
>>  Hi Peter, Eric
>> i use NSMNow from SecurixLive with sguil.
>>
>> http://www.securixlive.com/nsmnow/index.php
>>
>> When i take "nsm-sensor --restart" (example update rules set), then i get
>> this problem with 1.4beta (not with v1.3.1).
>>
>> Best regards
>> Stefan
>>  ------------------------------
>> *Von:* Peter Manev [petermanev at gmail.com]
>> *Gesendet:* Samstag, 8. September 2012 16:22
>> *Bis:* Eric Leblond
>> *Cc:* Stefan Sabolowitsch; oisf-users at openinfosecfoundation.org
>>
>> *Betreff:* Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1
>> an latest v1.4beta
>>
>>   Hi Stefan,
>>
>> I have not experienced the same problem.
>> You mean - you stop Suricata - "Ctrl-C" or you kill the process ?
>>
>> thanks
>>
>> On Sat, Sep 8, 2012 at 3:17 PM, Eric Leblond <eric at regit.org> wrote:
>>
>>> Hi,
>>>
>>> Le samedi 08 septembre 2012 à 12:50 +0000, Stefan Sabolowitsch a écrit :
>>> > Peter maybe,  i have found the error.
>>> >
>>> > There is a bug in 1.4beta
>>> >
>>> > If suricata will stopped or restarted, the old processes always active
>>> > and new processes will generated therefore this errormessage.
>>>
>>>  How long are you waiting for suricata to get dead ? The time it takes to
>>> get down may have increase between 1.3.1 and 1.4beta1.
>>>
>>> Could you wait a bit to see if it is leaving ?
>>>
>>> BR,
>>>
>>> >
>>> > On v1.3.1 ist see this error not.
>>> >
>>> >
>>> >
>>> > Best regards
>>> >
>>> > Stefan
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > Von: Peter Manev [mailto:petermanev at gmail.com]
>>> > Gesendet: Samstag, 8. September 2012 09:11
>>> > An: Stefan Sabolowitsch
>>> > Cc: oisf-users at openinfosecfoundation.org
>>> > Betreff: Re: [Oisf-users] get [ERRCODE: SC_ERR_FATAL(177)] on v1.3.1
>>> > an latest v1.4beta
>>> >
>>> >
>>> >
>>> > Hi,
>>> >
>>> > I don't understand - you are getting:
>>> > "thread - "RxPcapbr01".  Killing engine."
>>> >
>>> > but everything is ok?
>>> >
>>> > thanks
>>> >
>>> > On Fri, Sep 7, 2012 at 5:54 PM, Stefan Sabolowitsch
>>> > <Stefan.Sabolowitsch at felten-group.com> wrote:
>>> >
>>> > Hi all,
>>> > i get this error code on on v1.3.1 an latest v1.4beta.
>>> >
>>> > 7/9/2012 -- 15:35:27 - (tm-threads.c:1687) <Error>
>>> > (TmThreadDisableThreadsWithTMS) -- [ERRCODE: SC_ERR_FATAL(177)] -
>>> > Engine unable to disable detect
>>> > thread - "RxPcapbr01".  Killing engine.
>>> >
>>> > But it seems everything is OK ??
>>> > Any idea ?
>>> >
>>> > Thanks
>>> > Stefan
>>> > _______________________________________________
>>> > Oisf-users mailing list
>>> > Oisf-users at openinfosecfoundation.org
>>> > https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> >
>>> > Regards,
>>> >
>>> >
>>> > Peter Manev
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > _______________________________________________
>>> > Oisf-users mailing list
>>> > Oisf-users at openinfosecfoundation.org
>>> > https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>
>>> --
>>>  Eric Leblond
>>> Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
>>>
>>
>>
>>
>> --
>> Regards,
>> Peter Manev
>>
>>
>
>
> --
> Regards,
> Peter Manev
>
>


-- 
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120908/ab4e65f4/attachment-0002.html>

More information about the Oisf-users mailing list