[Oisf-users] suri 3.1dev second session / instance crash
Eric Leblond
eric at regit.org
Thu Sep 15 06:10:39 UTC 2016
Hello,
On Thu, 2016-09-15 at 05:34 +0000, Stefan Sabolowitsch wrote:
> Hi there,
> i upgradet from 2.x to the latest 3.1 dev. with a complete new
> suricata.yaml file.
> After this upgarde, i can only start one suricata instance.
>
> The error logfile:
> xecuting: suricata --user sguil --group sguil -c /etc/nsm/Serrig-
> DMZ/suricata.yaml -i eth10 -l /nsm/sensor_data/Serrig-DMZ --runmode
> autofp
In version 3.1 the -i option switches to AF_PACKET capture to speed up
things. One side effect of activation of fanout capture is this kind of
problem.
So to fix it, you can or use the --pcap option that will really use
pcap capture. Or you can open the yaml and set af-packet threads value
to 1.
BR,
--
Eric Leblond <eric at regit.org>
More information about the Oisf-users
mailing list