[Oisf-users] suri 3.1dev second session / instance crash

Cloherty, Sean E scloherty at mitre.org
Thu Sep 15 15:25:05 UTC 2016


Stefan –

I think I’ve seen that in the past when using older kernels from RHEL 5 and 6 when Suricata isn’t running as root.

Also, there seems to be an error regarding file access tucked in there for “/usr/local/etc/sur” – is that a typo?

From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Stefan Sabolowitsch
Sent: Thursday, September 15, 2016 01:34 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] suri 3.1dev second session / instance crash

Hi there,
I upgraded from 2.x to the latest 3.1 dev with a completely new suricata.yaml file.
After this upgrade, I can only start one suricata instance.

The error logfile:
xecuting: suricata --user sguil --group sguil -c /etc/nsm/Serrig-DMZ/suricata.yaml -i eth10 -l /nsm/sensor_data/Serrig-DMZ --runmode autofp
21866] 14/9/2016 -- 13:51:49 - (suricata.c:1086) <Notice> (SCPrintVersion) -- This is Suricata version 3.1dev (rev ae11687)
[21866] 14/9/2016 -- 13:51:58 - (util-threshold-config.c:156) <Warning> (SCThresholdConfInitContext) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/usr/local/etc/sur
[21866] 14/9/2016 -- 13:51:58 - (tm-threads.c:2168) <Notice> (TmThreadWaitOnThreadInit) -- all 8 packet processing threads, 4 management threads initialized, engine started.
[21930] 14/9/2016 -- 13:51:58 - (source-af-packet.c:1930) <Error> (AFPCreateSocket) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't set fanout mode, error Invalid argument
[21930] 14/9/2016 -- 13:51:58 - (source-af-packet.c:1337) <Error> (ReceiveAFPLoop) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
[21866] 14/9/2016 -- 13:51:58 - (suricata.c:2665) <Notice> (main) -- Signal Received.  Stopping engine.
[21932] 14/9/2016 -- 13:51:58 - (source-af-packet.c:1930) <Error> (AFPCreateSocket) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't set fanout mode, error Invalid argument
[21931] 14/9/2016 -- 13:51:58 - (source-af-packet.c:1930) <Error> (AFPCreateSocket) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't set fanout mode, error Invalid argument
[21932] 14/9/2016 -- 13:51:58 - (source-af-packet.c:1337) <Error> (ReceiveAFPLoop) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
[21933] 14/9/2016 -- 13:51:58 - (source-af-packet.c:1930) <Error> (AFPCreateSocket) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't set fanout mode, error Invalid argument
[21933] 14/9/2016 -- 13:51:58 - (source-af-packet.c:1337) <Error> (ReceiveAFPLoop) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
[21931] 14/9/2016 -- 13:51:58 - (source-af-packet.c:1337) <Error> (ReceiveAFPLoop) -- [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
[21866] 14/9/2016 -- 13:51:58 - (util-device.c:265) <Notice> (LiveDeviceListClean) -- Stats for 'eth10':  pkts: 0, drop: 0 (-nan%), invalid chksum: 0

Any help here?
Thx
Stefan
