[Oisf-users] Recommend version of 'file/libmagic' for suricata?

Cooper F. Nelson cnelson at ucsd.edu
Thu Jul 18 20:35:22 UTC 2013


Hi Victor,

I managed to run some tests again on my rebuilt sensor and against the
2.0 suricata beta.

In the process I went over all the suricata.yaml settings and ended up
setting much more aggressive flow timeouts.  I've run with this config
for a few hours with no segfaults or wedged processes.  The DNS parser
is enabled as well.  The only real issue is that my sensor peaks at
~100% cpu utilization, so I need to look into getting some new hardware.

-Coop

On 7/11/2013 1:14 AM, Victor Julien wrote:
> On 07/11/2013 09:04 AM, Cooper F. Nelson wrote:
>> *But*, I did see a segfault now.  I think I have the reassembly
>> depth too high, so I'll lower it a bit.  Here is the error
>> message:
> 
>>> [130320.425920] AFPacketeth210[30006]: segfault at 7fdb38cb9f28
>>> ip 00007fdb43f2ab3f sp 00007fdb38cb9f30 error 6 in
>>> libc-2.15.so[7fdb43f07000+19f000]
> 
> Can you post the full backtrace? Regardless of your reassembly depth
> you shouldn't be seeing segvs.
> 
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042


