[Oisf-users] Suricata Hungs
Peter Manev
petermanev at gmail.com
Mon Nov 19 17:35:38 UTC 2018
On Mon, Nov 19, 2018 at 6:25 PM Michael Tsukanov <zukinzin at gmail.com> wrote:
>
> Friends,
> we've faced an issue with suricata running in inline mode.
>
> Could you please help us to find the root cause of the issue or determine any useful metrics which we may use for investigation?
>
> It may work 1-3 days, then we lose the access to the switch behind the Suricata and Internet in the office.
>
Is it possible some rule triggers that condition?
> Suricata is placed between ASA and root switch
> We use FreeBSD 11.2, Suricata 4.0.5 with Netmap (but also faced this situation with Ubuntu and AF_Packets in other location). The server has I350 Ethernet adapters, 16Gb RAM, i5 cpu.
Could you share a bit more information with regards to the set up (ex
config/start line etc...) and logs when that happens -
stats.log/suricata.log - for the af-packet set up for example?
> We use one /16 net as HOME_NET in suricata.yaml. The Internet channel is 80Mbps
>
> Thank you in advance
--
Regards,
Peter Manev