OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: dcol on October 01, 2019, 05:54:42 pm

Title: Suricata memory crash
Post by: dcol on October 01, 2019, 05:54:42 pm
This issue came up in another thread but I feel this topic got lost in there and is better suited in this category. Sorry in advance for this.

The moment I upgraded from 19.7.2 to 19.7.4_1 I have had multiple memory usage spikes causing Suricata service crashes every day. Never had this happen before the upgrade.

I have tried changing Hyperscan to Default and removing some rulesets. I am down to one ruleset now and Suricata service still crashes eventually. There must be a memory leak problem or something similar. I have also tried reinstalling Suricata.

If the Suricata service stops or resets for any reason, the connection to the internet fails. But that has always been like that. The only way to fix it after a Suricata service restart or crash is a reboot of OPNsense.

I have not changed any rules in over a year in Suricata. This issue is a result of some change since the upgrade.
For now I have disabled Suricata and my firewall is stable.

Any suggestions?
Title: Re: Suricata memory crash
Post by: dcol on October 05, 2019, 10:40:31 pm
Anyone? Is this a known issue yet? Seems others are seeing Suricata memory spikes also.

Looking over the changelog, I do not see any changes to the Suricata version since 19.7.2, so it must have something to do with the way OPNsense interfaces with Suricata.

My next plan of attack is to set up a new firewall and start from scratch. I should have the new hardware next week.
Title: Re: Suricata memory crash
Post by: dcol on October 07, 2019, 12:12:24 am
It does seem as though the Suricata package is not functioning correctly. This may be attributed to the fact that I have just been applying updates to this box since version 18.1.
I threw together a test box and Suricata seems to be working normally on it, but it isn't live and has no traffic.
I will report back when I get my new system and move my production to it with a clean rebuilt OPNsense. And no, I won't do a restore.
Title: Re: Suricata memory crash
Post by: dcol on October 15, 2019, 11:55:03 pm
All is working with the update to Suricata 4.1.5. There was a reported memory leak with the previous version. FYI