[Oisf-users] Bug: suricata won't terminate in runmode: auto
elof2 at sentor.se
elof2 at sentor.se
Mon Nov 30 12:14:55 UTC 2015
On Mon, 30 Nov 2015, Victor Julien wrote:
> On 30-11-15 11:16, elof2 at sentor.se wrote:
>>>> 27/11/2015 -- 15:17:58 - <Notice> - all 16 packet processing threads, 3
>>>> management threads initialized, engine started.
>>>>
>>>> So far everything is good. Suricata is inspecting the incoming traffic.
>>>> When I now press ctrl-c, it starts to terminate like this:
>>>>
>>>> ^C27/11/2015 -- 16:47:34 - <Notice> - Signal Received. Stopping engine.
>>>> 27/11/2015 -- 16:47:34 - <Info> - 0 new flows, 0 established flows were
>>>> timed out, 0 flows in closed state
>>>> ^C^C^C^C^C
>>>> ^C^C^C^C
>>>>
>>>> ...but it won't die.
>>>> I press ctrl-c some more. Nope.
>>>> I wait a few minutes. Nope.
>>>
>>> Is there traffic passing through the sniffing interface in that case
>>> scenario ?
>>
>> Yes, I've pressed ctrl-c both when there's traffic flowing on ix1 as
>> well as when it is completely silent. Same result.
>> (I also get the same result if I start suricata and then press ctrl-c
>> after a few seconds without it having seen a single packet).
>
> I recommend not using 'auto', it has a bunch of fundamental flaws
> leading to bad detection and some other issues.
>
> In the 3.0 branch it's been removed.
If that is so, then my questions in the mail "Runmode autofp vs auto" are
so much more important. Please reply to it (and leave this thread for the
bug discussion).
/Elof
More information about the Oisf-users
mailing list