[Oisf-users] Battling segfaults on 3.2.1

Cloherty, Sean E scloherty at mitre.org
Thu Apr 13 14:30:01 UTC 2017

I build the binaries directly on the host they will run on.

Yet another oddity is that I have the same build running on a test box that has almost entirely the same hardware (less disk IIRC) and it is not having the issue. It is also getting traffic at rates higher than the faulting box (the faulting box's and another host's tap output sources are combined and sent to a single interface on the test box).

The major differences in the yaml are the:

* http memcap at 4gb vs. 2gb for non-faulting box
* Trailing forward slash on the default-log-dir value on faulting box
* Unified2-alert is set to overwrite on the faulting box vs. extra-data on the 
* On the non-faulting box, one of the network vars includes a /24 which is part of an existing /20 in the same variable

Will recompiling cause any issues with normal functioning, that is to say, will the alerts still fire?

-----Original Message-----
From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Victor Julien
Sent: Thursday, April 13, 2017 09:31 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Battling segfaults on 3.2.1

On 13-04-17 15:25, Cloherty, Sean E wrote:
> Here is the build info:
>   CFLAGS                                   -g -O2 -march=native

Are you building the binary on the sensor or on another box? If on another box, it may be necessary to pass --disable-gccmarch-native to configure.

Please see
it shows how to get the info we need to figure out this issue.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
