Just ran out of space in queue - Suricata Crash

Started by Georges, September 29, 2020, 12:37:29 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 29, 2020, 12:37:29 PM
Hello, i got this error, any idea?

September 29, 2020, 02:26:22 PM #1
This is probably related to the problem I and several others have, possibly pointing to some rulesets growing massively and causing errors. I have to disable abuse.ch/URLhaus to start suricata.

I did get the same error as you during my trial and errors..
September 29, 2020, 06:45:38 PM #2
ok thanks!
September 30, 2020, 10:32:10 AM #3
A few hours later, my box is able to load the list again but it takes 25 minutes to reload the rules so I expect suricata to come crashing down any day soon due to the size of the rule set. It could also be a temporary corrupt rule set at URLhaus that now is fixed.
September 30, 2020, 06:08:16 PM #4
Hi everyone,

the same issue here:
2020-09-28T21:43:16   suricata[80031]   [100112] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue.  Fatal Error.  Exiting.  Please file a bug report on this
2020-09-28T21:35:15   suricata[42527]   [100265] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
2020-09-28T19:45:03   suricata[39423]   [100184] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue.  Fatal Error.  Exiting.  Please file a bug report on this

Any hints that could lead to the solution or workaround? Thank you!
October 05, 2020, 09:25:37 AM #5 Last Edit: October 05, 2020, 10:45:19 AM by meschmesch
Same problem here.
Code Select
2020-10-02T23:34:46 suricata[11312] [101016] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
2020-10-02T23:29:48 suricata[94676] [100093] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
2020-10-01T21:04:05 suricata[23078] [100122] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this

Disabling of abuse.ch/URLhaus did help, but this is not a solution. By the way, I have plenty of memory available, in total 8GB RAM, and with URLhaus enabled still 35% Ram left free.
October 11, 2020, 07:03:45 PM #6
Hello,
isn't there any solution? None any idea?
October 13, 2020, 12:16:24 PM #7
No :/.
For now when i start the suricata on one of my interface, the interface crash and can't communicate anymore...
I have to restart the VM to make it work and stop suricata.
October 22, 2020, 05:19:42 PM #8
Same issue here
Code Select
2020-10-21T08:53:20 suricata[52318] [101262] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this
2020-10-21T08:47:24 suricata[52303] [100253] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
October 22, 2020, 05:36:17 PM #9
How can I delete Surricata rules? I was playing with various sources and now have 217048 rules on the system, all set to Alert. Just want to delete them all and download only what I need.
Disabling alerting is really PITA as one can do only 1000 rules at a time. I prefer to delete them all and start from scratch.
Print
Go Up Pages1
User actions