[Oisf-users] Properly installing Suricata-Update on latest version of Suricata

419telegraph298 at protonmail.com 419telegraph298 at protonmail.com
Sun Feb 10 18:27:59 UTC 2019


It does really eat up the CPU -


18888 root      20   0  128676 124940   6068 R  99.7 13.2   0:08.11 suricata-u+



Sent from ProtonMail, encrypted email based in Switzerland.

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Sunday, February 10, 2019 1:22 PM, <419telegraph298 at protonmail.com> wrote:

> Thanks for the suggestion - I was able to launch auto update with ~/.local/bin/suricata-update
>
> It created a separate rules file from my default at /etc/suricata/rules and then ran into an error:
>
> 10/2/2019 -- 18:17:54 - <Info> -- Creating directory /var/lib/suricata/rules.
> 10/2/2019 -- 18:17:54 - <Info> -- Backing up current rules.
> 10/2/2019 -- 18:17:55 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 26952; enabled: 19552; added: 26952; removed 0; modified: 0
> 10/2/2019 -- 18:17:56 - <Info> -- Testing with suricata -T.
> 10/2/2019 -- 18:19:11 - <Error> -- [ERRCODE: SC_ERR_MEM_ALLOC(1)] - SCMalloc failed: Cannot allocate memory, while trying to allocate 16131584 bytes
> 10/2/2019 -- 18:19:13 - <Error> -- [ERRCODE: SC_ERR_FATAL(171)] - Out of memory. The engine cannot be initialized. Exiting...
> 10/2/2019 -- 18:19:16 - <Error> -- Suricata test failed, aborting.
> 10/2/2019 -- 18:19:16 - <Error> -- Restoring previous rules.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Thursday, February 7, 2019 8:08 PM, Jason Ish jason.ish at oisf.net wrote:
>
> > On 2019-02-07 7:02 p.m., 419telegraph298 at protonmail.com wrote:
> >
> > > Dear Shivani,
> > > Thank you for your help, I ran a sudo nano bashsrc and added PATH=/home/pi/.local/bin:$PATH to the file and then saved it, ran "pip install --upgrade suricata-update", said that it installed successfully but still have not been able to get the program to run from command line.
> >
> > Did you try logging out then back in again? You could also enter this
> > on the command line to activate the path update immediately:
> > export PATH=/home/pi/.local/bin:$PATH
> > Then try again. Or call suricata-update with its full path, which for
> > you looks like it might be:
> > ~/.local/bin/suricata-update
> > Hope that helps,
> > Jason
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > Conference: https://suricon.net
> > Trainings: https://suricata-ids.org/training/



