[Oisf-users] Suricata 4.0.3 with Napatech problems
Steve Castellarin
steve.castellarin at gmail.com
Wed Jan 10 18:08:54 UTC 2018
All,
I've been running Suricata 3.1.1 (with Hyperscan) on an Ubuntu 14.04.5
64bit system with an older Napatech driver set for quite a while with no
issues. The system is running dual E5-2660 v3 @2.60Ghz processors with
128Gb of memory. I've gone ahead and upgraded the Napatech drivers to
10.0.4 and downloaded/compiled Suricata 4.0.3. I've done the best I can to
copy configuration settings from the 3.1.1 suricata.yaml to the 4.0.3
suricata.yaml. I run Suricata by issuing:
/usr/bin/suricata -c /etc/suricata/suricata.yaml --napatech --runmode
workers -D
I continue to see issues where Suricata will run for a time when I notice
one of the CPUs hitting 100%, and stay there. Then when running Napatech's
"profiling" command I'll see one of the host buffers dropping 100% of the
packets. As time goes along another CPU/host buffer will have the same
issue, etc, etc.
I've been banging my head over this for a couple weeks with no success,
other than killing the Suricata process then restarting - to only have this
issue crop up again.
One thing I notice, when I issue the "kill `pidof suricata`" Suricata will
take a while to end gracefully. But, it leaves the PID file behind in
/var/run.
Any ideas on how to attack this, before I have to roll back my upgrade?
Thanks!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180110/71a1dd46/attachment.html>
More information about the Oisf-users
mailing list