Bug #2703
closed
Added by Kenneth Kolano almost 6 years ago.
Updated over 5 years ago.
Description
If downloads fail it seems Suricata-Update can hang. For instance, a DL stuck at 99% here has left an update hung for >30min.
2018-11-21 23:45:21,436 - <INFO> - Fetching https://rules.emergingthreats.net/blockrules/emerging-tor.suricata.rules.
99% - 475136/476129
This affects the 1.0.0 release bundled in Suricata, though that seems to be missing from the "Affected Versions" drop down here.
- Tracker changed from Feature to Bug
- Affected Versions 1.0.0 added
- Assignee changed from Jason Ish to Shivani Bhardwaj
A repeated case of this did seem to time out today...
2018-11-29 20:00:17,283 - <INFO> - Fetching https://rules.emergingthreats.net/open/suricata-4.1.0/emerging.rules.tar.gz.
99% - 2293760/2303298
ERROR!: Suricata-Update timed out, retrying.
...unclear what differentiated this run from the one that hung.
It doesn't look like this error message:
ERROR!: Suricata-Update timed out, retrying.
Are you running it in some wrapper that may time out and kill the app itself?
I'm also curious why you are timing out on this rule source? Is it a usual occurrence? Does it ever successfully complete?
Ah yes, sorry, that timeout is from the "timeout" command I added to ensure Suricata-Update updates didn't just remain hung...
timeout 15m sudo suricata-update
Updates do usually complete successfully, but I sometimes see these odd hangs occur.
I have been seeing some networking issue unrelated to Suricata with installs of Ubuntu 16 on a VirtualBox VM, where some DNS queries arbitrarily seem to fail. Revising to using Google DNS rather than my ISP's seemed to resolve most of that, but I suspect something related to that is still broken and may be cropping up here.
In any case, it seems Suricata-Update may need to better account for these sorts of download failures to avoid becoming hung up.
Yes, it's currently being investigated and worked on.
Suricata events also seem to indicate someone may be attempting to DOS the box these VMs are running on at times, which may be related to the network failures.
SERVER-OTHER Cisco NetFlow Generation Appliance SCTP denial of service attempt
SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt
PROTOCOL-VOIP Cisco Expressway and TelePresence VCS denial of service attempt
- Target version changed from 1.0.1 to TBD
- Status changed from New to Assigned
- Status changed from Assigned to Feedback
- Status changed from Feedback to Closed
- Affected Versions 1.0.5 added
- Affected Versions deleted (1.0.0)
- Target version changed from TBD to 1.0.5
- Affected Versions 1.0.0 added
- Affected Versions deleted (1.0.5)
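A download that stops making progress, as in the 99% hangs reported in this issue, can be bounded in the client with a per-read socket timeout rather than an external `timeout` wrapper. The following Python is an added example, not code from Suricata-Update or from anyone in this thread; `fetch`, `StalledDownload` and `stalling_server` are hypothetical names, and the local server is a constructed test peer that advertises more bytes than it sends.

```python
import socket
import threading
import urllib.request

class StalledDownload(Exception):
    """No bytes arrived within stall_timeout, or the body ended short."""

def fetch(url, stall_timeout=10.0, open_url=urllib.request.urlopen):
    """Return the body of url, failing on a stall instead of hanging.

    stall_timeout bounds the connect and each socket read, not the whole
    transfer, so a slow download that keeps making progress still finishes.
    """
    received = bytearray()
    with open_url(url, timeout=stall_timeout) as resp:
        total = int(resp.headers.get("Content-Length") or 0)
        while True:
            try:
                chunk = resp.read1(65536)  # at most one socket read per call
            except socket.timeout as exc:
                raise StalledDownload(
                    "stalled at %d/%d bytes" % (len(received), total)) from exc
            if not chunk:
                break
            received += chunk
    if total and len(received) != total:
        raise StalledDownload("short body: %d/%d" % (len(received), total))
    return bytes(received)

def stalling_server(body, advertised):
    """Constructed test peer: claims `advertised` bytes, sends `body`, goes silent."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    release = threading.Event()

    def serve():
        conn, _ = srv.accept()
        conn.recv(65536)  # discard the request
        head = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % advertised
        conn.sendall(head + body)
        release.wait(30)  # keep the socket open without sending anything
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return "http://127.0.0.1:%d/rules" % srv.getsockname()[1], release
```

Because the timeout applies per read, the error reports how far the transfer got, which helps separate a stalled rule source from a killed process when reading logs.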