Problem with shutdown/reboot as killing suricata gets stuck forever.

Started by mrzaz, Today at 09:38:25 AM

Hello,
I am running the latest 26.1.10 under an Unraid VM (QEMU) and have a permanent issue:
when doing a reboot or shutdown, it gets stuck forever trying to kill Suricata.

root@OPNsense:~ # /usr/local/etc/rc.reboot
>>> Invoking stop script 'beep'
>>> Invoking stop script 'freebsd'
crowdsec_firewall is not running.
Stopping crowdsec.
Waiting for PIDS: 22448.
lldpd not running? (check /var/run/lldpd.pid).
qemu_guest_agent not running? (check /var/run/qemu-ga.pid).
snmpd not running? (check /var/run/net_snmpd.pid).
Stopping suricata.
Waiting for PIDS: 26425

I had it sit for several minutes but still stuck.

I then permanently killed it manually by issuing a separate "kill -9 26425", which then let the shutdown continue.

root@OPNsense:~ # /usr/local/etc/rc.reboot
>>> Invoking stop script 'beep'
>>> Invoking stop script 'freebsd'
crowdsec_firewall is not running.
crowdsec not running? (check /var/run/crowdsec_daemon.pid).
lldpd not running? (check /var/run/lldpd.pid).
qemu_guest_agent not running? (check /var/run/qemu-ga.pid).
snmpd not running? (check /var/run/net_snmpd.pid).
Stopping suricata.
Waiting for PIDS: 26425.
Stopping acme_http_challenge.
Waiting for PIDS: 16362.
Stopping flowd.
kill: 6470: No such process
kill: 7055: No such process
Stopping maltrailsensor.
Waiting for PIDS: 91290.
Stopping maltrailserver.
Waiting for PIDS: 88043.
Stopping apcupsd.
kill: 62174: No such process
Stopping flowd_aggregate...done
Stopping monit.
Waiting for PIDS: 85295.
crowdsec not running? (check /var/run/crowdsec_daemon.pid).
crowdsec_firewall is not running.
Stopping tailscaled.
Waiting for PIDS: 44920, 44920.
>>> Invoking stop script 'backup'
>>> Invoking backup script 'captiveportal'
>>> Invoking backup script 'netflow'
>>> Invoking backup script 'rrd'
>>> Invoking stop script 'config'
Shutdown NOW!
shutdown: [pid 90818]

*** FINAL System shutdown message from root@OPNsense.mrzaz.com ***

System going down IMMEDIATELY



*** FINAL System shutdown message from root@OPNsense.mrzaz.com ***

System going down IMMEDIATELY

This is what came up in the other session where I killed the process:

root@OPNsense:~ # kill -9 26425
*** FINAL System shutdown message from root@OPNsense.mrzaz.com ***

System going down IMMEDIATELY



*** FINAL System shutdown message from root@OPNsense.mrzaz.com ***

System going down IMMEDIATELY

I have tried this several times at various times and get the same issue every time. 100% failure.
I do have the "os-qemu-guest-agent" installed/running.

Is anyone else having the same issue?
Any idea of a workaround I could test?
Best regards
Dan Lundqvist (mrzaz)

"It's better to burn up, than fade away..." (Highlander)

In which mode is suricata running? IDS, IPS (netmap or divert)?


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT


Quote from: cookiemonster on Today at 03:25:38 PM
https://forum.opnsense.org/index.php?topic=52191.msg269089;topicseen#msg269089
Double post or similar but separate problem?
This issue is related to that issue as he mentions there two or three times ;)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

Quote from: franco on Today at 10:44:03 AM
In which mode is suricata running? IDS, IPS (netmap or divert)?


Cheers,
Franco

- Divert (IPS)
Pattern matcher = Aho-Corasick, "Ken Steele" variant.

//Dan Lundqvist
Best regards
Dan Lundqvist (mrzaz)

Quote from: cookiemonster on Today at 03:25:38 PM
https://forum.opnsense.org/index.php?topic=52191.msg269089;topicseen#msg269089
Double post or similar but separate problem?

Yes, I have closed that and am keeping this one only.
Sorry. Was not sure in which group it was best suited.

//Dan Lundqvist
Best regards
Dan Lundqvist (mrzaz)

Quote from: nero355 on Today at 05:32:47 PM
Quote from: cookiemonster on Today at 03:25:38 PM
https://forum.opnsense.org/index.php?topic=52191.msg269089;topicseen#msg269089
Double post or similar but separate problem?
This issue is related to that issue as he mentions there two or three times ;)

Hi, that other topic was really not about this issue and I only casually mentioned it as a side-effect.
But it could possibly be the main root cause of why it never shuts down, as it hangs waiting for the suricata PID to stop, which it never does unless I brutally kill it.

So the question is how to proceed.

I will try what was proposed and we'll see what happens.

>Try running "/usr/local/etc/rc.d/suricata onestop" in the terminal and see what happens and then go and check what's in the "Services -> Intrusion Detection -> Log File"
>
>/usr/local/etc/rc.d/suricata onestop

//Dan Lundqvist
Best regards
Dan Lundqvist (mrzaz)