Project

General

Profile

Actions
Copy link

Bug #3370

closed

Suricata 5.0.0 Crashes Intermittently

Added by Leonard Jacobs almost 5 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Leonard Jacobs
Target version:
TBD
Affected Versions:
5.0.0
Effort:
Difficulty:
Label:

Description

Suricata totally stops intermittently. Cannot determine why it crashes. The files I have attached are not necessarily from the moment in time when a crash has occurred.

Files

Download all files
suricata_build_info.txt (3.71 KB) suricata_build_info.txt Leonard Jacobs, 11/27/2019 04:52 PM
coredump (4.62 KB) coredump Leonard Jacobs, 11/27/2019 04:53 PM
suricata.log (483 KB) suricata.log Leonard Jacobs, 12/02/2019 01:44 PM
suricata.yaml (73.3 KB) suricata.yaml Leonard Jacobs, 12/02/2019 01:49 PM
suricata.log (484 KB) suricata.log Leonard Jacobs, 12/02/2019 08:46 PM
LastStatsReadingbeforeCrashwasnoticed.txt (113 KB) LastStatsReadingbeforeCrashwasnoticed.txt Leonard Jacobs, 12/02/2019 08:55 PM
stats.zip (12.9 MB) stats.zip Stats file for the day Leonard Jacobs, 12/02/2019 09:00 PM
Actions
Copy link
 #1

Updated by Andreas Herz almost 5 years ago

  • Status changed from New to Feedback
  • Assignee set to Leonard Jacobs
  • Priority changed from Urgent to Normal
  • Target version set to TBD

Can you provide us with more infos about your setup/system?

Actions
Copy link
 #2

Updated by Leonard Jacobs almost 5 years ago

Besides what I have provided below, what dod you need to know?


Ubuntu 16.04.6 LTS GNU/Linux 4.4.0-169-generic x86_64

Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                12
On-line CPU(s) list:   0-11
Thread(s) per core:    2
Core(s) per socket:    6
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 86
Model name:            Intel(R) Xeon(R) CPU D-1528 @ 1.90GHz
Stepping:              3
CPU MHz:               1099.996
CPU max MHz:           2500.0000
CPU min MHz:           800.0000
BogoMIPS:              3799.74
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              9216K
NUMA node0 CPU(s):     0-11
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb invpcid_single intel_pt ssbd ibrs ibpb stibp kaiser tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm rdseed adx smap xsaveopt cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts md_clear flush_l1d

              total        used        free      shared  buff/cache   available
Mem:        8068680     1242568     5252744        5536     1573368     6481196
Swap:       1003516        9100      994416

Filesystem                    Size  Used Avail Use% Mounted on
udev                          3.9G     0  3.9G   0% /dev
tmpfs                         788M  9.0M  780M   2% /run
/dev/mapper/nsmsvr1--vg-root  219G   60G  148G  29% /
tmpfs                         3.9G     0  3.9G   0% /dev/shm
tmpfs                         5.0M     0  5.0M   0% /run/lock
tmpfs                         3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/sda1                     720M  108M  576M  16% /boot
tmpfs                         788M     0  788M   0% /run/user/1000
Actions
Copy link
 #3

Updated by Peter Manev almost 5 years ago

If you could share the following would be very helpful in the investigation:
- stats.log after the crash
- Suricata starting command line
- yaml configuration (mask out the home/ext nets if needed)
- suricata.log
- any observations as to when it happens (certain time during the day/week, etc.)

Ideally if possible a full trace would be nice - compiling with debug flags enabled - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

Actions
Copy link Download all files
 #4

Updated by Leonard Jacobs almost 5 years ago

Suricata starting command line: suricata -D -c /etc/suricata/suricata.yaml -i eno4

The crash times appears to be random. I am running a cron job that restarts Suricata every 30 minutes until we can figure out why it is crashing. That cron job also clears the eve.json file.

The interface is connected to a span port on core switch. Plans are place the interface on a gigabit tap; possibly optical.

Noticed that stats.log is not currently enabled. Will enable it.

Actions
Copy link Download all files
 #5

Updated by Leonard Jacobs almost 5 years ago

Suricata crashed so I am submitting stats.log file and a suricata.log file.

Actions
Copy link
 #6

Updated by Leonard Jacobs almost 5 years ago

Is it possible that crashes are occurring because Suricata 5.0.0 is running on Unbuntu 16.04.6? I just upgraded kernel to 4.4.0-170-generic and rebooted the system.

Actions
Copy link
 #7

Updated by Peter Manev almost 5 years ago

Out of curiosity - have you observed any crashes since those upgrades?

Actions
Copy link
 #8

Updated by Andreas Herz over 2 years ago

  • Status changed from Feedback to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this issue is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

Actions
Copy link

Also available in: Atom PDF