[Oisf-users] Suricata process goes down from time to time

Peter Manev petermanev at gmail.com
Wed Jun 12 07:09:41 UTC 2013


On Wed, Jun 12, 2013 at 7:51 AM, C. L. Martinez <carlopmart at gmail.com> wrote:

> On Mon, Jun 10, 2013 at 7:53 AM, C. L. Martinez <carlopmart at gmail.com> wrote:
> > On Mon, Jun 10, 2013 at 7:47 AM, Victor Julien <lists at inliniac.net> wrote:
> >> On 06/10/2013 09:38 AM, C. L. Martinez wrote:
> >>> On Mon, Jun 10, 2013 at 7:38 AM, Peter Manev <petermanev at gmail.com> wrote:
> >>>> On Mon, Jun 10, 2013 at 9:36 AM, C. L. Martinez <carlopmart at gmail.com> wrote:
> >>>>> Hi all,
> >>>>>
> >>>>>  I have installed Suricata 1.4.2 on an OpenBSD 5.3 amd64 host. From
> >>>>> time to time, Suricata goes down and I suspect that the problem may
> >>>>> be with the memcap options, but I am not sure.
> >>>>>
> >>>>>  It doesn't produce any core dump, it only goes down ... How can I
> >>>>> debug this??
> >>>>> _______________________________________________
> >>>>> Suricata IDS Users mailing list:
> oisf-users at openinfosecfoundation.org
> >>>>> Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> >>>>> List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >>>>> OISF: http://www.openinfosecfoundation.org/
> >>>>
> >>>>
> >>>> Hi,
> >>>>
> >>>> What do you mean "goes down" - stops/exits?
> >>>>
> >>>> thanks
> >>>>
> >>>>
> >>>> --
> >>>> Regards,
> >>>> Peter Manev
> >>>
> >>> It stops ... and no log error is produced ...
> >>
> >> The first thing I'd check is if there is anything logged in the system
> >> logs. In Linux a crashing program is often logged in dmesg for example,
> >> maybe OpenBSD does something similar?
> >>
> >> Also, try not daemonizing Suricata, but run it in the foreground. Then
> >> you'll see if Suri prints some error.
> >>
> maximum: 16777216
> 12/6/2013 -- 05:48:29 - <Info> - cleaning up signature grouping
> structure... complete
>
> The suricata process doesn't stop ... It seems the problem only appears
> when I run suricata in daemonized mode ...
>

1. I see a "live rule swap" - could you try running it without the live
swaps?
2. What does suricata.log say when you run it in daemon mode and it stops?

Thanks

>
> Is this possible??
>



-- 
Regards,
Peter Manev