[Oisf-users] Suricata restart hard lock?

Andreas Herz andi at geekosphere.org
Sat Jun 11 23:18:00 UTC 2016


Please reply to the mailing list, so it won't get lost!

On 01/06/16 at 00:05, John Daly wrote:
> On Tue, May 31, 2016 at 3:55 PM Andreas Herz <andi at geekosphere.org> wrote:
> 
> > On 31/05/16 at 22:33, John Daly wrote:
> > > On Tue, May 31, 2016 at 3:25 PM Andreas Herz <andi at geekosphere.org> wrote:
> > >
> > > > On 31/05/16 at 22:19, John Daly wrote:
> > > > > Hi all,
> > > > >
> > > > > I'm experiencing hard locks when I stop Suricata or try to restart
> > > > > Suricata. Is anyone else experiencing this?
> > > >
> > > > Can you post the suricata.log or verbose output?
> > > > --build-info as well?
> > > >
> > >
> > > suricata.log
> > > ---------------
> > >
> > > 31/5/2016 -- 22:17:17 - <Notice> - This is Suricata version 3.0.1 RELEASE
> > > 31/5/2016 -- 22:17:24 - <Warning> - [ERRCODE: SC_ERR_DEPRECATED_CONF(274)] - Found deprecated eve-log setting "sensor-name". Please set sensor-name globally.
> > > 31/5/2016 -- 22:17:24 - <Error> - [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - Unable to set flags for iface "ens3f0": Operation not permitted
> > > 31/5/2016 -- 22:17:37 - <Notice> - all 28 packet processing threads, 4 management threads initialized, engine started.
> >
> > You might want to fix those errors, especially the second one :)
> >
> 
> Agreed. That said, not too sure what the second one means. I'm guessing it's
> a permissions issue (my suricata binary doesn't have POSIX caps to capture
> traffic, but netmap doesn't require them if you chmod /dev/netmap).
> 

Is the .yaml attached the same one that triggers the sensor-name issue
for you?

Rest looks fine so far, but would need to test that on a dedicated
system unless someone else has a running netmap/fedora setup.

> 
> > Can you paste your .yaml somewhere?
> >
> 
> See attached.
> 
> 
> >
> > How do you run suricata (the command)?
> >
> 
> The following systemd service:
> 
> [Unit]
> 
> Description=Suricata NIDS
> After=network.target
> 
> [Service]
> 
> User=root
> Type=forking
> 
> Environment=LD_LIBRARY_PATH=/opt/suricata/lib
> Environment=LD_PRELOAD=/usr/lib64/libtcmalloc_minimal.so.4
> 
> ExecStart=/opt/suricata/bin/suricata --netmap=ens3f0 -c /opt/suricata/etc/suricata/suricata.yml -D
> 
> [Install]
> WantedBy=multi-user.target
> 
> 
> 
> >
> > --
> > Andreas Herz
> >



-- 
Andreas Herz

