[Oisf-users] Bug: suricata won't terminate in runmode: auto

Victor Julien lists at inliniac.net
Mon Nov 30 11:42:07 UTC 2015


On 30-11-15 11:16, elof2 at sentor.se wrote:
>>> 27/11/2015 -- 15:17:58 - <Notice> - all 16 packet processing threads, 3
>>> management threads initialized, engine started.
>>>
>>> So far everything is good. Suricata is inspecting the incoming traffic.
>>> When I now press ctrl-c, it starts to terminate like this:
>>>
>>> ^C27/11/2015 -- 16:47:34 - <Notice> - Signal Received.  Stopping engine.
>>> 27/11/2015 -- 16:47:34 - <Info> - 0 new flows, 0 established flows were
>>> timed out, 0 flows in closed state
>>> ^C^C^C^C^C
>>> ^C^C^C^C
>>>
>>> ...but it won't die.
>>> I press ctrl-c some more. Nope.
>>> I wait a few minutes. Nope.
>>
>> Is there traffic passing through the sniffing interface in that case
>> scenario?
> 
> Yes, I've pressed ctrl-c both when there's traffic flowing on ix1 as
> well as when it is completely silent. Same result.
> (I also get the same result if I start suricata and then press ctrl-c
> after a few seconds without it having seen a single packet).

I recommend not using 'auto'; it has a bunch of fundamental flaws
leading to bad detection and some other issues.

In the 3.0 branch it's been removed.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



