[Oisf-users] Battling segfaults on 3.2.1

Cloherty, Sean E scloherty at mitre.org
Thu Apr 20 15:59:48 UTC 2017


As suggested - I recompiled Suricata with the debug option flag enabled per the instruction online.  The work was completed late Friday, and naturally there has not been a segfault nor a trap since.

I am posting this update in an attempt to tempt fate and cause a segfaults for analysis.  Like a washing your car will induce rain, or a lighting a cigarette will make the bus arrive early, I expect it will be effective.


-----Original Message-----
From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Cloherty, Sean E
Sent: Thursday, April 13, 2017 15:57 PM
To: Cooper F. Nelson <cnelson at ucsd.edu>; oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Battling segfaults on 3.2.1

In the app-layer section -

app-layer:
  protocols:
    http:
      enabled: yes
      memcap: 4gb

-----Original Message-----
From: Cooper F. Nelson [mailto:cnelson at ucsd.edu]
Sent: Thursday, April 13, 2017 12:20 PM
To: Cloherty, Sean E <scloherty at mitre.org>; oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Battling segfaults on 3.2.1

What do you mean http memcap?  The request and response body-limit settings?

-Coop

On 4/12/2017 9:18 AM, Cloherty, Sean E wrote:
> Also, one system had 2gb vs. 4gb for the http memcap in the app layer 
> protocol config.


--
Cooper Nelson
IT Security - Information Technology Services University of California San Diego
(858) 534-6487 - cnelson at ucsd.edu
https://cybersecurity.ucsd.edu

_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users


More information about the Oisf-users mailing list