[Oisf-users] Suricata 5.0.0 randomly stops running

Michał Purzyński michalpurzynski1 at gmail.com
Thu Nov 21 23:01:50 UTC 2019


Leonard,

It was just my wild guess. The best way to file a bug is to follow Victor's
instructions. My SMB bug might as well have been confirmation bias, and
you might have problems somewhere else.

On Thu, Nov 21, 2019 at 11:12 AM Leonard Jacobs <leonard.jacobs at view.com>
wrote:

> Victor,
>
> Michal told me he already reported the bug that I think we are
> experiencing. SMB Parser causing Suricata 5.0.0 to crash. If you can tell
> me where to look to gather evidence then I will be glad to submit the info.
>
> I am considering installing monit to restart Suricata when it detects the
> crash.
>
> We did not have the problem until we upgraded to 5.0.0.
>
> Thanks.
>
> Leonard
>
> -----Original Message-----
> From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On
> Behalf Of Victor Julien
> Sent: Thursday, November 21, 2019 12:28 PM
> To: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Suricata 5.0.0 randomly stops running
>
> Hi Leonard, please provide some more detail in a report like this. Right
> now there is no actionable information in your report. Just that it doesn't
> work.
>
> All I can suggest is to reboot?
>
> Joking aside, please see:
>
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs
>
> It contains suggestions on how to report bugs in a useful way.
>
> Regards,
> Victor
>
>
> On 21-11-19 06:57, Leonard Jacobs wrote:
> > Is there any estimate when this issue will have a patch or fix or new
> > revision?
> >
> > Thanks.
> >
> > Leonard
> >
> > *From: * Leonard Jacobs <leonard.jacobs at view.com>
> > *To: * Michał Purzyński <michalpurzynski1 at gmail.com>
> > *Cc: * "oisf-users at lists.openinfosecfoundation.org"
> > <oisf-users at lists.openinfosecfoundation.org>
> > *Sent: * 11/19/2019 7:47 AM
> > *Subject: * Re: [Oisf-users] Suricata 5.0.0 randomly stops running
> >
> > Seems like it makes sense to disable SMB detection until this issue
> > is fixed.
> >
> >
> >
> > *From:* Michał Purzyński <michalpurzynski1 at gmail.com>
> > *Sent:* Monday, November 18, 2019 6:14 PM
> > *To:* Leonard Jacobs <leonard.jacobs at view.com>
> > *Cc:* oisf-users at lists.openinfosecfoundation.org
> > *Subject:* Re: [Oisf-users] Suricata 5.0.0 randomly stops running
> >
> >
> >
> > Does "stops running" mean it crashes? If so, can you get the core file?
> >
> > Might not be related, but do you have SMB traffic in your network? I
> > just stumbled upon this bug (it might be something else for you of
> > course)
> >
> > https://redmine.openinfosecfoundation.org/issues/3342?issue_count=191&issue_position=1&next_issue_id=3341
> >
> >
> >
> >
> >
> > On Mon, Nov 18, 2019 at 5:48 AM Leonard Jacobs
> > <leonard.jacobs at view.com> wrote:
> >
> > Ever since we went to Suricata 5.0.0, our installation randomly
> > stops and we have to restart Suricata.  At first, we thought the
> > script that starts Suricata was failing but we manually start it
> > at a command line and experience the same issue.
> >
> >
> >
> > Running Suricata on Ubuntu 18.04 with 350 GB SSD, Xeon
> > processor, and 8 GB of RAM.  Suricata is configured to just
> > listen to network traffic on one gig ethernet port.
> >
> >
> >
> > How can I find out what is causing this problem?
> >
> >
> >
> > Thanks.
> >
> >
> >
> > *Leonard*
> >
> >
> >
> > This message and any attachments may contain confidential
> > information of View, Inc. If you are not the intended recipient
> > you are hereby notified that any dissemination, copying or
> > distribution of this message, or files associated with this
> > message, is strictly prohibited. If you have received this
> > message in error, please notify us immediately by replying to
> > the message and delete the message from your computer.
> >
> > _______________________________________________
> > Suricata IDS Users mailing list:
> > oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support:
> > http://suricata-ids.org/support/
> > List:
> >
> > https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
> > Conference: https://suricon.net
> > Trainings: https://suricata-ids.org/training/
> >
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>