[Oisf-users] Suffering Simultaneous Suricata Segfaults

Cloherty, Sean E scloherty at mitre.org
Wed Sep 26 16:55:50 UTC 2018


Some strange voodoo here -

I was troubleshooting instances of Suricata being down on multiple hosts and I found that 2 production hosts running 4.04 and 2 test hosts running 4.05 and 4.1rc1 faulted at roughly the same time. Strangely, 2 additional production hosts running 4.04 on duplicate hardware have not had any issues to date. Below is the outline of what I've been able to put together this morning.

What is the same across all platforms faulting or not:

All use tpacket v3 & AF-PACKET
All use workers mode
All are in IDS mode
All ingest traffic from Gigamon taps
All are running CentOS 7.5 64bit
All use Intel(R) 10GbE PCI Express Linux Network Driver 5.3.7
All use Intel Corporation 82599ES 10-Gigabit SFI/SFP+


What is different:

NO FAULT:   #zero-copy-size: 128
FAULT:      zero-copy-size: 128

NO FAULT:
        prio:
#          low: [ 0 ]
#          medium: [ "1-2" ]
#          high: [ 3 ]
          default: "high"

FAULT:
        prio:
          low: [ 0 ]
          medium: [ "1-2" ]
          high: [ 3 ]
          default: "high"

Sean Cloherty
Lead InfoSec Engineer/Scientist
MITRE Corporation
office (781) 271-3707
cell      (781) 697-8043
