[Oisf-users] suri 3.1dev second session / instance crash
Stefan Sabolowitsch
Stefan.Sabolowitsch at felten-group.com
Thu Sep 15 16:26:10 UTC 2016
Thanks Eric,
option --pcap solves this problem.
Regards
Stefan
-----Original Message-----
From: Eric Leblond [mailto:eric at regit.org]
Sent: Thursday, 15 September 2016 08:11
To: Stefan Sabolowitsch <Stefan.Sabolowitsch at felten-group.com>; oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] suri 3.1dev second session / instance crash
Hello,
On Thu, 2016-09-15 at 05:34 +0000, Stefan Sabolowitsch wrote:
> Hi there,
> I upgraded from 2.x to the latest 3.1 dev, with a completely new
> suricata.yaml file.
> After this upgrade, I can only start one suricata instance.
>
> The error logfile:
> xecuting: suricata --user sguil --group sguil -c /etc/nsm/Serrig-
> DMZ/suricata.yaml -i eth10 -l /nsm/sensor_data/Serrig-DMZ --runmode
> autofp
In version 3.1 the -i option switches to AF_PACKET capture to speed up things. One side effect of activation of fanout capture is this kind of problem.
So to fix it, you can either use the --pcap option, which will really use pcap capture, or you can open the yaml and set the af-packet threads value to 1.
BR,
--
Eric Leblond <eric at regit.org>