[Oisf-users] Recommend version of 'file/libmagic' for suricata?

Anoop Saldanha anoopsaldanha at gmail.com
Fri Jul 19 03:49:45 UTC 2013


Cooper,

What's your current hardware spec?

On Fri, Jul 19, 2013 at 2:05 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> Hi Victor,
>
> I managed to run some tests again on my rebuilt sensor and against the
> 2.0 suricata beta.
>
> In the process I went over all the suricata.yaml settings and ended up
> setting much more aggressive flow timeouts.  I've run with this config
> for a few hours with no segfaults or wedged processes.  The DNS parser
> is enabled as well.  The only real issue is that my sensor peaks at
> ~100% cpu utilization, so I need to look into getting some new hardware.
>
> - -Coop
>
> On 7/11/2013 1:14 AM, Victor Julien wrote:
>> On 07/11/2013 09:04 AM, Cooper F. Nelson wrote:
>>> *But*, I did see a segfault now.  I think I have the reassembly
>>> depth too high, so I'll lower it a bit.  Here is the error
>>> message:
>>
>>>> [130320.425920] AFPacketeth210[30006]: segfault at 7fdb38cb9f28
>>>> ip 00007fdb43f2ab3f sp 00007fdb38cb9f30 error 6 in
>>>> libc-2.15.so[7fdb43f07000+19f000]
>>
>> Can you post the full backtrace? Regardless of your reassembly depth
>> you shouldn't be seeing segvs.
>>
>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/
>>
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042



-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------


