[Oisf-users] Suricata 5.0.0 randomly stops running

Leonard Jacobs leonard.jacobs at view.com
Tue Nov 19 13:47:32 UTC 2019 

Seems like it make sense to disable SMB detection until this issue is fixed.

From: Michał Purzyński <michalpurzynski1 at gmail.com>
Sent: Monday, November 18, 2019 6:14 PM
To: Leonard Jacobs <leonard.jacobs at view.com>
Cc: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Suricata 5.0.0 randomly stops running

Does "stops running" mean it crashes? If so, can you get the core file?
Might not be related, but do you have SMB traffic in your network? I just stumbled upon this bug (it might be something else for you of course) https://redmine.openinfosecfoundation.org/issues/3342?issue_count=191&issue_position=1&next_issue_id=3341


On Mon, Nov 18, 2019 at 5:48 AM Leonard Jacobs <leonard.jacobs at view.com<mailto:leonard.jacobs at view.com>> wrote:
Ever since we went to Suricata 5.0.0, our installation randomly stops and we have to restart Suricata.  At first, we thought the script that starts Suricata was failing but we manually start it at a command line and experience the same issue.

Running Suricata on Ubuntu 18.04 with 350 GB SSD, Xeon processor, and 8 GB of RAM.  Suricata is configured to just listen to network traffic on one gig ethernet port.

How can I find out what is causing this problem?

Thanks.

Leonard


This message and any attachments may contain confidential information of View, Inc. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and delete the message from your computer.
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org<mailto:oisf-users at openinfosecfoundation.org>
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/

This message and any attachments may contain confidential information of View, Inc. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and delete the message from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20191119/965e3aff/attachment-0001.html>

More information about the Oisf-users mailing list