Text only | Text with Images

OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: geotek on April 19, 2025, 01:54:24 PM

Title: Suricata is crashing on all firerwalls starting April 19th, 2025
Post by: geotek on April 19, 2025, 01:54:24 PM
We are using the proofpoint rules and all OPNsense versions from 25.1 to 24.x are affected. Error message is:

<Error> -- Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this

It looks like a broken rule update is responsible for this, since ample memory and disk space is available on our boxes.
Title: Re: Suricata is crashing on all firerwalls starting April 19th, 2025
Post by: geotek on April 20, 2025, 11:25:21 AM
One more observation: Only boxes with one of the three Aho-Corasick Pattern matchers are affected, even with today's updated rules. Boxes with Hyperscan matcher were not affected. After changing the matcher to Hyperscan, the problem was solved on all of our previously affected firewalls.

I hope this helps identifying and fixing the cause.
Title: Re: Suricata is crashing on all firerwalls starting April 19th, 2025
Post by: allenlook on April 21, 2025, 02:47:02 PM
Ours started erroring out on the 20th, same symptoms, and same temporary resolution - Hyperscan.
Title: Re: Suricata is crashing on all firerwalls starting April 19th, 2025
Post by: ErikLievense on April 22, 2025, 01:58:34 AM
Same here
Text only | Text with Images