Problem 100% cpu suricata

[FOOLiSH]

hi, when my pppoe go down, suricata, cpu go 100%, i must reboot the service manually. why?
this is the error
uricata: [100928] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'pppoe0': (55u) No buffer space available

[FOOLiSH]

news for this problem?

[FOOLiSH]

its possible to create a schedule for reboot automatically the service?

[mimugmail]

Do you use promisc mode? Or maybe set the parent interface and not pppoe itself

[FOOLiSH]

solved to create a script
https://forum.netgate.com/topic/64563/pfsense-auto-reboot-script-when-google-is-unreachable
i have modify something

Code Select Expand

#!/bin/bash
#
# put -xv after bash to debug
#
HOSTS="www.google.com"
COUNT=10
echo "----------------------"
#debug
echo "Host to Ping -----> " $HOSTS
echo "----------------------"
echo "Ping to do   -----> " $COUNT
echo "----------------------"
######
for myHost in $HOSTS
do
  counting=$(ping -c $COUNT $myHost | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')

  #debug

  echo "Ping replied -----> " $counting

  ######
  if [ $counting > 5 ]; then
echo "----------------------"
   echo "Ping Host OK ----->" $HOSTS
echo "----------------------"
  else
        echo "Reboot Suricata WAN DOWN!"
        echo "STOP Suricata Service"
        sleep 3
        sudo service suricata stop
        echo "Wait 15 seconds"
        sleep 15
        echo "Reset ALL state"
        sleep 3
        sudo pfctl -F state
        echo "Wait 10 seconds"
        sleep 10
        echo "START Suricata Service"
        sleep 3
        sudo service suricata start
fi
done

after create a new crontab every minute execute script for chek www.google.com its ping ok do nothing if ping go down reboot service

[FullyBorked]

This could also be done more simply with Monit instead of a script, you could set your test on cpu utilization and action to restart the suricata service. Doesn't solve the root cause of the cpu usage though.