Show Posts
1
23.7 Legacy Series / Suricata issue on PPPoE interface. Logs consumes 80GB of space in less than 2h.
« on: October 02, 2023, 08:02:49 pm »
Hi
recently I decided to go from OPNsense VM (on Vmware) to physical one.
After deploying and configure as it was on my VM after few hours OPNsense Web GUI stopped to work.
I saw that on suricata log folder there are almost 80 GB of logs :/
in that log i found :
2023-10-02T13:54:38 Error suricata [101232] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe0^': (55u) No buffer space available
2023-10-02T13:54:38 Error suricata [101232] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe0^': (55u) No buffer space available
2023-10-02T13:54:38 Error suricata [101225] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe0': (55u) No buffer space available
2023-10-02T13:54:38 Error suricata [101225] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe0': (55u) No buffer space available
2023-10-02T13:54:38 Error suricata [101225] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe0': (55u) No buffer space
this is a bit strange because after I disabled suricata service logs ware still growing. I had to disable any logs from being written to disk. on SYSTEM->SETTINGS->Logging, I had to check this option "Disable writing log files to the local disk" to be able to safe OPNsense box from being unavailable.
Honestly I have no idea where to look further.
I found a topic from 2019 that suricata has some issues with netmap driver on PPPoE interfacess, but I was using the same setup for years now in my Vmware box as virtual machine, It was ok for 4 years now.
I also use ZENARMOR on LAN interface as I was using it before, no issue whatsoever.
Only difference is now I'm using box with 10GB nic Intel x540-t2.
Unfortunately I'm sharing some services that is why I need this suricata on my wan interface to be working ;(
Does anybody has the same issue and was able to solve this?
also I'm not verry good in Linux/bsd systems That's why I search the forums for a solution to a problem that is similar or the same as mine
OPNsense is in version 23.7.5
regards
recently I decided to go from OPNsense VM (on Vmware) to physical one.
After deploying and configure as it was on my VM after few hours OPNsense Web GUI stopped to work.
I saw that on suricata log folder there are almost 80 GB of logs :/
in that log i found :
2023-10-02T13:54:38 Error suricata [101232] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe0^': (55u) No buffer space available
2023-10-02T13:54:38 Error suricata [101232] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe0^': (55u) No buffer space available
2023-10-02T13:54:38 Error suricata [101225] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe0': (55u) No buffer space available
2023-10-02T13:54:38 Error suricata [101225] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe0': (55u) No buffer space available
2023-10-02T13:54:38 Error suricata [101225] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading netmap data via polling from iface 'pppoe0': (55u) No buffer space
this is a bit strange because after I disabled suricata service logs ware still growing. I had to disable any logs from being written to disk. on SYSTEM->SETTINGS->Logging, I had to check this option "Disable writing log files to the local disk" to be able to safe OPNsense box from being unavailable.
Honestly I have no idea where to look further.
I found a topic from 2019 that suricata has some issues with netmap driver on PPPoE interfacess, but I was using the same setup for years now in my Vmware box as virtual machine, It was ok for 4 years now.
I also use ZENARMOR on LAN interface as I was using it before, no issue whatsoever.
Only difference is now I'm using box with 10GB nic Intel x540-t2.
Unfortunately I'm sharing some services that is why I need this suricata on my wan interface to be working ;(
Does anybody has the same issue and was able to solve this?
also I'm not verry good in Linux/bsd systems That's why I search the forums for a solution to a problem that is similar or the same as mine
OPNsense is in version 23.7.5
regards