[Oisf-users] Suricata Hungs

Peter Manev petermanev at gmail.com
Mon Nov 19 17:36:33 UTC 2018


On Mon, Nov 19, 2018 at 6:35 PM Peter Manev <petermanev at gmail.com> wrote:
>
>
> On Mon, Nov 19, 2018 at 6:25 PM Michael Tsukanov <zukinzin at gmail.com> wrote:
> >
> > Friends,
> > we've faced an issue with suricata running in inline mode.
> >
> > Could you please help us to find the root cause of the issue or determine any useful metrics which we may use for investigation.
> >
> > It may work 1-3 days, then we lose access to the switch behind the Suricata and Internet in the office.
> >
>
> Is it possible some rule triggers that condition?
>
> > Suricata is placed between ASA and root switch
> > We use FreeBSD 11.2, Suricata 4.0.5 with Netmap (but also faced this situation with Ubuntu and AF_Packets in other location). The server has I350 Ethernet adapters, 16Gb RAM, i5 cpu.
>
> Could you share a bit more information with regards to the setup (e.g. config/start line etc.) and logs when that happens - stats.log/suricata.log - for the af-packet setup for example?
>

Also (sent out the previous mail too fast - apologies) - do you have
the same problem with Suricata 4.1?

> > We use one /16 net as HOME_NET in suricata.yaml. The Internet channel is 80Mbps
> >
> > Thank you in advance



-- 
Regards,
Peter Manev

