Suricata keeps crashing after last update

Started by Julien, June 21, 2021, 01:36:12 AM

June 21, 2021, 01:36:12 AM Last Edit: June 21, 2021, 01:38:29 AM by Julien
Hi guys,
I hope someone can point me in the right direction. I've been using IDS for over 2 years.
Last day we updated the box to 21.1.7; since then Suricata keeps crashing with the log below.
It stops the service and I have to start it manually.

Thank you

2021-06-21T01:34:42
suricata[35325]
[100280] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
 
2021-06-21T01:34:42
suricata[35325]
[101369] <Notice> -- opened netmap:em0/T from em0: 0x3e8cf080300
 
2021-06-21T01:34:42
suricata[35325]
[101369] <Notice> -- opened netmap:em0^ from em0^: 0x3e8cf080000
 
2021-06-21T01:34:42
suricata[35325]
[100225] <Notice> -- opened netmap:em0^ from em0^: 0x3e8ce0af300
 
2021-06-21T01:34:41
suricata[35325]
[100225] <Notice> -- opened netmap:em0/R from em0: 0x3e8ce0af000
 
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
 
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.http.binary' is checked but not set. Checked in 2820208 and 0 other sigs
 
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
 
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
 
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 0 other sigs
 
2021-06-21T01:33:42
suricata[35325]
[100280] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 2 other sigs
 
2021-06-21T01:33:13
suricata[21102]
[100286] <Notice> -- This is Suricata version 5.0.6 RELEASE running in SYSTEM mode
 
2021-06-20T03:01:09
suricata[29540]
[100253] <Notice> -- rule reload complete
 
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
 
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.http.binary' is checked but not set. Checked in 2820208 and 0 other sigs
 
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
 
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
 
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 0 other sigs
 
2021-06-20T03:00:39
suricata[29540]
[100253] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 2 other sigs
 
2021-06-20T03:00:08
suricata[29540]
[100253] <Notice> -- rule reload starting

DEC4240 – OPNsense Owner

Anyone got an idea why this is happening?
The IDS keeps shutting itself down.
DEC4240 – OPNsense Owner


Quote from: XeroX on June 27, 2021, 01:13:16 PM
Development Stream?

If you mean whether I am running a development firmware, no.
It's too bad there is no documentation anywhere here on how to configure this thing.
DEC4240 – OPNsense Owner

Can anyone here advise why it keeps crashing when I enable it?
DEC4240 – OPNsense Owner