Just ran out of space in queue - Suricata Crash

[joeyboon]

I've experienced the same problem. Switching to Hyperscan makes the process no longer crash, but detection's don't occur. Does anything get detected once you've switched to Hyperscan?

[7queue]

I've experienced the same problem. Switching to Hyperscan makes the process no longer crash, but detection's don't occur. Does anything get detected once you've switched to Hyperscan?

I'm seeing the same error message on different systems both OPNsense and other platforms. So I don't think it's specific to OPNsense.

The small appliance I have OPNsense installed on has 16Gb ram and also runs Zenarmor with Elasticsearch v8, CrowdSec and Ntopng with Redis using Database Count of 16.

I've never been able to get Intrusion Prevention working with this particular configuration so I moved Suricata to an Edge Firewall running IPFire and the ram usage stays below 4Gb. When I tried OPNsense in a VM with 32Gb and Only Suricata it never showed any alerts so I shelved it to research what's going on under the hood when I have time.

YMMV

[biggreydog]

I am seeing the same issue here.

[bx2]

Add another user that is having this issue.

[100723] <Error> -- Just ran out of space in the queue. Please file a bug report on this   

[someone]

Yes detections work in hyperscan
1 did you enter your IP in Intrusion Detection>Administration and click advanced in upper right and put your IP in Home Network box
  and remove the others
2 Did you enable the rules, and did you click apply in Enable Intrusion detection and rules categories
3 You may not see any alerts till you actually get some, some ISP's run filters
4 Are you running blocklists, that is most of my blocks, snort community blocklists, my own IP range blocks, and others
  Can either enter them in opnsense blocklists, dont know if its subscriptions
  Or can enter them by cut and paste in user defined rules
  Or enter them manually