Hello, i got this error, any idea?
This is probably related to the problem I and several others have, possibly pointing to some rulesets growing massively and causing errors. I have to disable abuse.ch/URLhaus to start suricata.
I did get the same error as you during my trial and errors..
ok thanks!
A few hours later, my box is able to load the list again but it takes 25 minutes to reload the rules so I expect suricata to come crashing down any day soon due to the size of the rule set. It could also be a temporary corrupt rule set at URLhaus that now is fixed.
Hi everyone,
the same issue here:
2020-09-28T21:43:16 suricata[80031] [100112] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
2020-09-28T21:35:15 suricata[42527] [100265] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
2020-09-28T19:45:03 suricata[39423] [100184] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
Any hints that could lead to the solution or workaround? Thank you!
Same problem here.
2020-10-02T23:34:46 suricata[11312] [101016] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
2020-10-02T23:29:48 suricata[94676] [100093] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
2020-10-01T21:04:05 suricata[23078] [100122] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
Disabling of abuse.ch/URLhaus did help, but this is not a solution. By the way, I have plenty of memory available, in total 8GB RAM, and with URLhaus enabled still 35% Ram left free.
Hello,
isn't there any solution? None any idea?
No :/.
For now when i start the suricata on one of my interface, the interface crash and can't communicate anymore...
I have to restart the VM to make it work and stop suricata.
Same issue here
2020-10-21T08:53:20 suricata[52318] [101262] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
2020-10-21T08:47:24 suricata[52303] [100253] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
How can I delete Surricata rules? I was playing with various sources and now have 217048 rules on the system, all set to Alert. Just want to delete them all and download only what I need.
Disabling alerting is really PITA as one can do only 1000 rules at a time. I prefer to delete them all and start from scratch.
Hi,
since today we have the same issue.
We are just using ET telemetry rulesets.
Is there anything I can do?
Memory and diskspace is available.
Try changing to "Hyperscan", that has resolved it for us at least temporarily.
Its still not working. I dont know why you would have to leave a ruleset out. I think the whole set is only a couple hundred MBytes. I will try altering the scan to hyperdrive if thats not the default. But this problem [running out of space] needs to be resolved in the main system programming.
I changed IPS>Administratiom>Settings Advanced and changed pattern matcher to Hyperscan
As pointed out by user geotek
And Detect profile to medium, may not have needed to change that
Its working for now
Quote from: someone on May 06, 2025, 11:45:13 PMI changed IPS>Administratiom>Settings Advanced and changed pattern matcher to Hyperscan
As pointed out by user geotek
And Detect profile to medium, may not have needed to change that
Its working for now
This is Suricata version 7.0.10 RELEASE running in SYSTEM mode
229,718 Rules
"Error suricata [100736] <Error> -- Just ran out of space in the queue. Please file a bug report on this"
Web GUI > Services > Intrusion Detection > Administration > Settings > Advanced: (Hyperscan and Medium)
Thanks for posting the queue size work around.
I am just learning OPNsense and the queue size error started today enabling/configuring Suricata.
It looks like the Suricata rule processing is single threaded (had a ssh top window running).
I have 8 threads and 32GB of memory and it still ran out of queue space.
The work around in your post resolved this.
I've experienced the same problem. Switching to Hyperscan makes the process no longer crash, but detection's don't occur. Does anything get detected once you've switched to Hyperscan?
Quote from: joeyboon on May 29, 2025, 10:36:41 AMI've experienced the same problem. Switching to Hyperscan makes the process no longer crash, but detection's don't occur. Does anything get detected once you've switched to Hyperscan?
I'm seeing the same error message on different systems both OPNsense and other platforms. So I don't think it's specific to OPNsense.
The small appliance I have OPNsense installed on has 16Gb ram and also runs Zenarmor with Elasticsearch v8, CrowdSec and Ntopng with Redis using Database Count of 16.
I've never been able to get Intrusion Prevention working with this particular configuration so I moved Suricata to an Edge Firewall running IPFire and the ram usage stays below 4Gb. When I tried OPNsense in a VM with 32Gb and Only Suricata it never showed any alerts so I shelved it to research what's going on under the hood when I have time.
YMMV
I am seeing the same issue here.