[Oisf-users] Tuning Suricata (2.0beta1) -- no rules and lots of packet loss

Cooper F. Nelson cnelson at ucsd.edu
Thu Aug 22 18:46:07 UTC 2013


What's the output from dmesg?  Should look something like this:

> [1525919.721081] AFPacketeth210[8248]: segfault at 7f9e65034f18 ip 00007f9e6f9cc09b sp 00007f9e65034f20 error 6 in libc-2.17.so[7f9e6f9a8000+1a2000]
> [2311120.202527] AFPacketeth21[7580]: segfault at 0 ip           (null) sp 00007fc63f115b08 error 14
> [2393949.102430] AFPacketeth29[21112]: segfault at 7f10f75bff18 ip 00007f111d39209b sp 00007f10f75bff20 error 6 in libc-2.17.so[7f111d36e000+1a2000]
> [2617647.544974] AFPacketeth214[3332]: segfault at 0 ip           (null) sp 00007f3e3d4b9b08 error 14

I'm having some issues like this myself.  Best advice I can give right
now is to lower your timeouts as much as possible.

-Coop

On 8/22/2013 11:42 AM, Tritium Cat wrote:
> Too bad.. after an hour it crashed.
> 
> #############################################################################################################################
> Date: 8/22/2013 -- 01:14:59 (uptime: 0d, 00h 51m 07s)
> #############################################################################################################################
> 
> 22/8/2013 -- 00:24:41 - <Info> - AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1568 frame_nr=300020
> 22/8/2013 -- 00:24:41 - <Info> - Using interface 'eth6' via socket 41
> 22/8/2013 -- 00:24:41 - <Info> - All AFP capture threads are running.
> 22/8/2013 -- 00:24:41 - <Info> - Thread AFPacketeth612 using socket 41
> 
> 
> Segmentation fault (core dumped)
> 
> 
> --TC


-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
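
Added example, not part of the original message: a short Python triage of the dmesg segfault lines quoted above. It decodes the x86 page-fault error code (the kernel prints it in hex) and computes the faulting offset inside the mapped library; the 64-byte "near the stack pointer" threshold and the `kind` labels are assumptions of this example, not a diagnosis from the thread.

```python
import re

# The four AFPacket segfault lines quoted in the message above.
DMESG = """\
[1525919.721081] AFPacketeth210[8248]: segfault at 7f9e65034f18 ip 00007f9e6f9cc09b sp 00007f9e65034f20 error 6 in libc-2.17.so[7f9e6f9a8000+1a2000]
[2311120.202527] AFPacketeth21[7580]: segfault at 0 ip           (null) sp 00007fc63f115b08 error 14
[2393949.102430] AFPacketeth29[21112]: segfault at 7f10f75bff18 ip 00007f111d39209b sp 00007f10f75bff20 error 6 in libc-2.17.so[7f111d36e000+1a2000]
[2617647.544974] AFPacketeth214[3332]: segfault at 0 ip           (null) sp 00007f3e3d4b9b08 error 14
"""

SEGV = re.compile(
    r"\[\s*[\d.]+\] (?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+)"
    r" ip\s+(?P<ip>\(null\)|[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<lib>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

# x86 page-fault error-code bits. Bit 0 clear means "page not present".
BITS = ((0x01, "protection"), (0x02, "write"), (0x04, "user"),
        (0x08, "rsvd"), (0x10, "ifetch"))

def hx(s):
    """Parse a hex field; the kernel prints a zero ip as '(null)'."""
    return 0 if s in (None, "(null)") else int(s, 16)

def triage(text):
    """Return one record per segfault line found in dmesg text."""
    out = []
    for m in SEGV.finditer(text):
        addr, ip, sp, err = (hx(m[k]) for k in ("addr", "ip", "sp", "err"))
        rec = {"thread": m["comm"], "pid": int(m["pid"]),
               "flags": [name for bit, name in BITS if err & bit],
               "lib": m["lib"],
               # Offset into the library: stable across ASLR, so crashes compare.
               "lib_offset": ip - hx(m["base"]) if m["lib"] else None}
        if ip == 0 and err & 0x10:
            rec["kind"] = "call/jump through NULL pointer"
        elif err & 0x02 and abs(addr - sp) <= 64:  # heuristic threshold (assumption)
            rec["kind"] = "write next to stack pointer (possible stack exhaustion)"
        else:
            rec["kind"] = "other"
        out.append(rec)
    return out

if __name__ == "__main__":
    for r in triage(DMESG):
        off = hex(r["lib_offset"]) if r["lib_offset"] is not None else "-"
        print(r["thread"], r["pid"], "+".join(r["flags"]), r["lib"], off, r["kind"])
```

Feeding the resulting library offset to `addr2line -e` against the matching libc with debug symbols names the function the capture thread was in when it faulted.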