[Oisf-users] Suricata 5.0.0 randomly stops running

Leonard Jacobs leonard.jacobs at view.com
Thu Nov 21 19:12:27 UTC 2019


Victor,

Michal told me he already reported the bug that I think we are experiencing. SMB Parser causing Suricata 5.0.0 to crash. If you can tell me where to look to gather evidence then I will be glad to submit the info.

I am considering installing monit to restart Suricata when it detects the crash.

We did not have the problem until we upgraded to 5.0.0.

Thanks.

Leonard

-----Original Message-----
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Victor Julien
Sent: Thursday, November 21, 2019 12:28 PM
To: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Suricata 5.0.0 randomly stops running

Hi Leonard, please provide some more detail in a report like this. Right now there is no actionable information in your report. Just that it doesn't work.

All I can suggest is to reboot?

Joking aside, please see:

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

It contains suggestions on how to report bugs in a useful way.

Regards,
Victor


On 21-11-19 06:57, Leonard Jacobs wrote:
> Is there any estimate when this issue will have a patch or fix or new 
> revision?
> 
> Thanks.
> 
> Leonard
> 
> *From: * Leonard Jacobs <leonard.jacobs at view.com>
> *To: * Michał Purzyński <michalpurzynski1 at gmail.com>
> *Cc: * "oisf-users at lists.openinfosecfoundation.org"
> <oisf-users at lists.openinfosecfoundation.org>
> *Sent: * 11/19/2019 7:47 AM
> *Subject: * Re: [Oisf-users] Suricata 5.0.0 randomly stops running
> 
>     Seems like it makes sense to disable SMB detection until this issue
>     is fixed.
> 
>      
> 
>     *From:* Michał Purzyński <michalpurzynski1 at gmail.com>
>     *Sent:* Monday, November 18, 2019 6:14 PM
>     *To:* Leonard Jacobs <leonard.jacobs at view.com>
>     *Cc:* oisf-users at lists.openinfosecfoundation.org
>     *Subject:* Re: [Oisf-users] Suricata 5.0.0 randomly stops running
> 
>      
> 
>     Does "stops running" mean it crashes? If so, can you get the core file?
> 
>     Might not be related, but do you have SMB traffic in your network? I
>     just stumbled upon this bug (it might be something else for you of
>     course)
>     https://redmine.openinfosecfoundation.org/issues/3342?issue_count=191&issue_position=1&next_issue_id=3341
> 
>      
> 
>      
> 
>     On Mon, Nov 18, 2019 at 5:48 AM Leonard Jacobs
>     <leonard.jacobs at view.com> wrote:
> 
>         Ever since we went to Suricata 5.0.0, our installation randomly
>         stops and we have to restart Suricata.  At first, we thought the
>         script that starts Suricata was failing but we manually start it
>         at a command line and experience the same issue.
> 
>          
> 
>         Running Suricata on Ubuntu 18.04 with 350 GB SSD, Xeon
>         processor, and 8 GB of RAM.  Suricata is configured to just
>         listen to network traffic on one gig ethernet port.
> 
>          
> 
>         How can I find out what is causing this problem?
> 
>          
> 
>         Thanks.
> 
>          
> 
>         *Leonard*
> 
>          
> 
>         This message and any attachments may contain confidential
>         information of View, Inc. If you are not the intended recipient
>         you are hereby notified that any dissemination, copying or
>         distribution of this message, or files associated with this
>         message, is strictly prohibited. If you have received this
>         message in error, please notify us immediately by replying to
>         the message and delete the message from your computer.
> 
>         _______________________________________________
>         Suricata IDS Users mailing list:
>         oisf-users at openinfosecfoundation.org
>         Site: http://suricata-ids.org | Support:
>         http://suricata-ids.org/support/
>         List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> 
>         Conference: https://suricon.net
>         Trainings: https://suricata-ids.org/training/
> 


--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
