[Oisf-users] Battling segfaults on 3.2.1

Peter Manev petermanev at gmail.com
Tue Apr 18 21:24:10 UTC 2017


On Thu, Apr 13, 2017 at 4:30 PM, Cloherty, Sean E <scloherty at mitre.org> wrote:
> I build the binaries directly on the host it will run on.
>
> Yet another oddity is that I have the same build running on a test box that has almost entirely the same hardware (less disk IIRC) and it is not having the issue. It is also getting traffic at rates higher than the faulting box (the faulting box and another host's tap output sources are combined and sent to a single interface on the test box).
>
> The major differences in the yaml are the:
>
> * http memcap at 4gb vs. 2gb for non-faulting box
> * Trailing forward slash on the default-log-dir value on faulting box
> * Unified2-alert is set to overwrite on the faulting box vs. extra-data on the
> * On the non-faulting box, one network vars includes a /24 which is part of an existing /20 in the same variable
>
> Will recompiling cause any issues with normal functioning - that is to say, will the alerts still fire?

The alerts will still fire - though there will be a drop in
performance (you most likely will be missing a few alerts) - it is the
info from that backtrace that can be very helpful in terms of helping
the devs in understanding the issue though.

>
> -----Original Message-----
> From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Victor Julien
> Sent: Thursday, April 13, 2017 09:31 AM
> To: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Battling segfaults on 3.2.1
>
> On 13-04-17 15:25, Cloherty, Sean E wrote:
>> Here is the build info:
> ...
>>
>>   CFLAGS                                   -g -O2 -march=native
>
> Are you building the binary on the sensor or on another box? If on another box, it may be necessary to pass --disable-gccmarch-native to configure.
>
> Please see
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs,
> it shows how to get the info we need to figure out this issue.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users



-- 
Regards,
Peter Manev


