Bug #1465
Suricata 2.1 lua output can't work in osx
Status: Closed
Priority: Normal
Assignee: -
Target version: -
Description
Lua output can't work on OS X, but works well on CentOS 6.5.
[yp@wonagequ suricata]$ sudo suricata -c /usr/local/etc/suricata/suricata.yaml -i en2 -vv
Password:
11/5/2015 -- 11:01:54 - <Notice> - This is Suricata version 2.1beta4 RELEASE
11/5/2015 -- 11:01:54 - <Info> - CPUs/cores online: 4
11/5/2015 -- 11:01:54 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
11/5/2015 -- 11:01:54 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 4218 after randomization.
11/5/2015 -- 11:01:54 - <Info> - DNS request flood protection level: 500
11/5/2015 -- 11:01:54 - <Info> - DNS per flow memcap (state-memcap): 524288
11/5/2015 -- 11:01:54 - <Info> - DNS global memcap: 16777216
11/5/2015 -- 11:01:54 - <Info> - Modbus request flood protection level: 500
11/5/2015 -- 11:01:54 - <Info> - Found an MTU of 1500 for 'en2'
11/5/2015 -- 11:01:54 - <Info> - allocated 5242880 bytes of memory for the defrag hash... 65536 buckets of size 80
11/5/2015 -- 11:01:54 - <Info> - preallocated 65535 defrag trackers of size 192
11/5/2015 -- 11:01:54 - <Info> - defrag memory usage: 17825600 bytes, maximum: 33554432
11/5/2015 -- 11:01:54 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
11/5/2015 -- 11:01:54 - <Info> - allocated 524288 bytes of memory for the host hash... 4096 buckets of size 128
11/5/2015 -- 11:01:54 - <Info> - preallocated 1000 hosts of size 136
11/5/2015 -- 11:01:54 - <Info> - host memory usage: 684288 bytes, maximum: 16777216
11/5/2015 -- 11:01:54 - <Info> - allocated 8388608 bytes of memory for the flow hash... 65536 buckets of size 128
11/5/2015 -- 11:01:54 - <Info> - preallocated 10000 flows of size 304
11/5/2015 -- 11:01:54 - <Info> - flow memory usage: 11508608 bytes, maximum: 67108864
11/5/2015 -- 11:01:54 - <Info> - stream "prealloc-sessions": 2048 (per thread)
11/5/2015 -- 11:01:54 - <Info> - stream "memcap": 33554432
11/5/2015 -- 11:01:54 - <Info> - stream "midstream" session pickups: disabled
11/5/2015 -- 11:01:54 - <Info> - stream "async-oneside": disabled
11/5/2015 -- 11:01:54 - <Info> - stream "checksum-validation": disabled
11/5/2015 -- 11:01:54 - <Info> - stream."inline": disabled
11/5/2015 -- 11:01:54 - <Info> - stream "max-synack-queued": 5
11/5/2015 -- 11:01:54 - <Info> - stream.reassembly "memcap": 134217728
11/5/2015 -- 11:01:54 - <Info> - stream.reassembly "depth": 1048576
11/5/2015 -- 11:01:54 - <Info> - stream.reassembly "toserver-chunk-size": 2586
11/5/2015 -- 11:01:54 - <Info> - stream.reassembly "toclient-chunk-size": 2540
11/5/2015 -- 11:01:54 - <Info> - stream.reassembly.raw: enabled
11/5/2015 -- 11:01:54 - <Info> - segment pool: pktsize 4, prealloc 256
11/5/2015 -- 11:01:54 - <Info> - segment pool: pktsize 16, prealloc 512
11/5/2015 -- 11:01:54 - <Info> - segment pool: pktsize 112, prealloc 512
11/5/2015 -- 11:01:54 - <Info> - segment pool: pktsize 248, prealloc 512
11/5/2015 -- 11:01:54 - <Info> - segment pool: pktsize 512, prealloc 512
11/5/2015 -- 11:01:54 - <Info> - segment pool: pktsize 768, prealloc 1024
11/5/2015 -- 11:01:54 - <Info> - segment pool: pktsize 1448, prealloc 1024
11/5/2015 -- 11:01:54 - <Info> - segment pool: pktsize 65535, prealloc 128
11/5/2015 -- 11:01:54 - <Info> - stream.reassembly "chunk-prealloc": 250
11/5/2015 -- 11:01:54 - <Info> - stream.reassembly "zero-copy-size": 128
11/5/2015 -- 11:01:54 - <Info> - allocated 524288 bytes of memory for the ippair hash... 4096 buckets of size 128
11/5/2015 -- 11:01:54 - <Info> - preallocated 1000 ippairs of size 152
11/5/2015 -- 11:01:54 - <Info> - ippair memory usage: 684288 bytes, maximum: 16777216
11/5/2015 -- 11:01:54 - <Info> - using magic-file /usr/local/opt/libmagic/share/misc/magic.mgc
11/5/2015 -- 11:01:54 - <Info> - Delayed detect disabled
11/5/2015 -- 11:01:54 - <Info> - IP reputation disabled
11/5/2015 -- 11:02:00 - <Info> - 48 rule files processed. 16477 rules successfully loaded, 0 rules failed
11/5/2015 -- 11:02:00 - <Info> - 16485 signatures processed. 910 are IP-only rules, 5076 are inspecting packet payload, 12360 inspect application layer, 94 are decoder event only
11/5/2015 -- 11:02:00 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
11/5/2015 -- 11:02:00 - <Info> - building signature grouping structure, stage 2: building source address list... complete
11/5/2015 -- 11:02:02 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
11/5/2015 -- 11:02:03 - <Info> - Threshold config parsed: 0 rule(s) found
11/5/2015 -- 11:02:03 - <Info> - Core dump size set to unlimited.
11/5/2015 -- 11:02:03 - <Info> - fast output device (regular) initialized: fast.log
11/5/2015 -- 11:02:03 - <Info> - eve-log output device (regular) initialized: eve.json
11/5/2015 -- 11:02:03 - <Info> - enabling 'eve-log' module 'alert'
11/5/2015 -- 11:02:03 - <Info> - enabling 'eve-log' module 'http'
11/5/2015 -- 11:02:03 - <Info> - enabling 'eve-log' module 'dns'
11/5/2015 -- 11:02:03 - <Info> - enabling 'eve-log' module 'tls'
11/5/2015 -- 11:02:03 - <Info> - enabling 'eve-log' module 'files'
11/5/2015 -- 11:02:03 - <Info> - enabling 'eve-log' module 'smtp'
11/5/2015 -- 11:02:03 - <Info> - enabling 'eve-log' module 'ssh'
11/5/2015 -- 11:02:03 - <Info> - enabling 'eve-log' module 'flow'
11/5/2015 -- 11:02:03 - <Info> - enabling 'eve-log' module 'netflow'
11/5/2015 -- 11:02:03 - <Info> - http-log output device (regular) initialized: http.log
11/5/2015 -- 11:02:03 - <Info> - Using log dir /usr/local/var/log/suricata/
11/5/2015 -- 11:02:03 - <Info> - using normal logging
11/5/2015 -- 11:02:03 - <Info> - stats output device (regular) initialized: stats.log
11/5/2015 -- 11:02:03 - <Info> - enabling script flowtest.lua
[yp@wonagequ suricata]$
Updated by Victor Julien over 9 years ago
Is there a core file that you can inspect? Or can you try running Suricata in a debugger like gdb to see where it fails?