Hello, i got this error, any idea?
This is probably related to the problem I and several others have, possibly pointing to some rulesets growing massively and causing errors. I have to disable abuse.ch/URLhaus to start suricata.
I did get the same error as you during my trial and errors..
ok thanks!
A few hours later, my box is able to load the list again but it takes 25 minutes to reload the rules so I expect suricata to come crashing down any day soon due to the size of the rule set. It could also be a temporary corrupt rule set at URLhaus that now is fixed.
Hi everyone,
the same issue here:
2020-09-28T21:43:16 suricata[80031] [100112] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
2020-09-28T21:35:15 suricata[42527] [100265] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
2020-09-28T19:45:03 suricata[39423] [100184] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
Any hints that could lead to the solution or workaround? Thank you!
Same problem here.
2020-10-02T23:34:46 suricata[11312] [101016] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
2020-10-02T23:29:48 suricata[94676] [100093] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
2020-10-01T21:04:05 suricata[23078] [100122] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
Disabling of abuse.ch/URLhaus did help, but this is not a solution. By the way, I have plenty of memory available, in total 8GB RAM, and with URLhaus enabled still 35% Ram left free.
Hello,
isn't there any solution? None any idea?
No :/.
For now when i start the suricata on one of my interface, the interface crash and can't communicate anymore...
I have to restart the VM to make it work and stop suricata.
Same issue here
2020-10-21T08:53:20 suricata[52318] [101262] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
2020-10-21T08:47:24 suricata[52303] [100253] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
How can I delete Surricata rules? I was playing with various sources and now have 217048 rules on the system, all set to Alert. Just want to delete them all and download only what I need.
Disabling alerting is really PITA as one can do only 1000 rules at a time. I prefer to delete them all and start from scratch.
Hi,
since today we have the same issue.
We are just using ET telemetry rulesets.
Is there anything I can do?
Memory and diskspace is available.
Try changing to "Hyperscan", that has resolved it for us at least temporarily.