Suricata crash on latest 2.4.0-rc
-
Hi,
I am having issues with suricata running as it exits with error:
Sep 24 13:34:00 kernel pid 39811 (suricata), uid 0: exited on signal 11 (core dumped)
Here is the crash report after I tried to remove all config files (uncheck box in global config) and reinstall suricata:
Crash report begins. Anonymous machine information:
amd64
11.0-RELEASE-p12
FreeBSD 11.0-RELEASE-p12 #60 e61693d0fa9(RELENG_2_4_0): Mon Sep 25 00:23:04 CDT 2017 root@buildbot2.netgate.com:/builder/ce-240/tmp/obj/builder/ce-240/tmp/FreeBSD-src/sys/pfSense
Crash report details:
PHP Errors:
[25-Sep-2017 08:42:21 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
[25-Sep-2017 08:42:21 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:42:21 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:42:21 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:42:21 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:42:21 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:42:21 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:42:21 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:42:21 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
[25-Sep-2017 08:42:21 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
[25-Sep-2017 08:42:21 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:42:21 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:42:21 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:42:21 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:42:21 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:42:21 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:42:21 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:42:21 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
[25-Sep-2017 08:42:21 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
[25-Sep-2017 08:42:21 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:42:21 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:42:21 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:42:21 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:42:21 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:42:21 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:42:21 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:42:21 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
[25-Sep-2017 08:42:48 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
[25-Sep-2017 08:42:48 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:42:48 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:42:48 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:42:48 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:42:48 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:42:48 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:42:48 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:42:48 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
[25-Sep-2017 08:42:48 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
[25-Sep-2017 08:42:48 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:42:48 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:42:48 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:42:48 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:42:48 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:42:48 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:42:48 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:42:48 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
[25-Sep-2017 08:42:48 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
[25-Sep-2017 08:42:48 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:42:48 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:42:48 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:42:48 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:42:48 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:42:48 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:42:48 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:42:48 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
[25-Sep-2017 08:45:22 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
[25-Sep-2017 08:45:22 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:45:22 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:45:22 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:45:22 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:45:22 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:45:22 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:45:22 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:45:22 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
[25-Sep-2017 08:45:22 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
[25-Sep-2017 08:45:22 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:45:22 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:45:22 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:45:22 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:45:22 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:45:22 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:45:22 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:45:22 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
[25-Sep-2017 08:45:22 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
[25-Sep-2017 08:45:22 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:45:22 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:45:22 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:45:22 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:45:22 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:45:22 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:45:22 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:45:22 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
[25-Sep-2017 08:48:45 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
[25-Sep-2017 08:48:45 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:48:45 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:48:45 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:48:45 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:48:45 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:48:45 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:48:45 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:48:45 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
[25-Sep-2017 08:48:45 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
[25-Sep-2017 08:48:45 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:48:45 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:48:45 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:48:45 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:48:45 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:48:45 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:48:45 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:48:45 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
[25-Sep-2017 08:48:45 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
[25-Sep-2017 08:48:45 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:48:45 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:48:45 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:48:45 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:48:45 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:48:45 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:48:45 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:48:45 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
[25-Sep-2017 08:56:23 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
[25-Sep-2017 08:56:23 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:56:23 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:56:23 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:56:23 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:56:23 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:56:23 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:56:23 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:56:23 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
[25-Sep-2017 08:56:23 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
[25-Sep-2017 08:56:23 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:56:23 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:56:23 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:56:23 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:56:23 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:56:23 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:56:23 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:56:23 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
[25-Sep-2017 08:56:23 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
[25-Sep-2017 08:56:23 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:56:23 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:56:23 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:56:23 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:56:23 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:56:23 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:56:23 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:56:23 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
[25-Sep-2017 08:56:52 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
[25-Sep-2017 08:56:52 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:56:52 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:56:52 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:56:52 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:56:52 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:56:52 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:56:52 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:56:52 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
[25-Sep-2017 08:56:52 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
[25-Sep-2017 08:56:52 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:56:52 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:56:52 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:56:52 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:56:52 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:56:52 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:56:52 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:56:52 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
[25-Sep-2017 08:56:52 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
[25-Sep-2017 08:56:52 America/Vancouver] PHP Stack trace:
[25-Sep-2017 08:56:52 America/Vancouver] PHP 1. {main}() /etc/rc.start_packages:0
[25-Sep-2017 08:56:52 America/Vancouver] PHP 2. sync_package() /etc/rc.start_packages:58
[25-Sep-2017 08:56:52 America/Vancouver] PHP 3. eval() /etc/inc/pkg-utils.inc:656
[25-Sep-2017 08:56:52 America/Vancouver] PHP 4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
[25-Sep-2017 08:56:52 America/Vancouver] PHP 5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 08:56:52 America/Vancouver] PHP 6. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 08:56:52 America/Vancouver] PHP 7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
Filename: /var/crash/minfree
2048
All I want to do is remove the config and then reinstall but it appears that the config remains and it is causing the crash.
I tried searching for suricata keyword and removing config manually but had same issue. Thanks
Edit: more crash reports:
Crash report begins. Anonymous machine information:
amd64
11.0-RELEASE-p12
FreeBSD 11.0-RELEASE-p12 #60 e61693d0fa9(RELENG_2_4_0): Mon Sep 25 00:23:04 CDT 2017 root@buildbot2.netgate.com:/builder/ce-240/tmp/obj/builder/ce-240/tmp/FreeBSD-src/sys/pfSense
Crash report details:
PHP Errors:
[25-Sep-2017 09:06:48 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
[25-Sep-2017 09:06:48 America/Vancouver] PHP Stack trace:
[25-Sep-2017 09:06:48 America/Vancouver] PHP 1. {main}() /usr/local/www/suricata/suricata_global.php:0
[25-Sep-2017 09:06:48 America/Vancouver] PHP 2. sync_suricata_package_config() /usr/local/www/suricata/suricata_global.php:164
[25-Sep-2017 09:06:48 America/Vancouver] PHP 3. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 09:06:48 America/Vancouver] PHP 4. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 09:06:48 America/Vancouver] PHP 5. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
[25-Sep-2017 09:06:48 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
[25-Sep-2017 09:06:48 America/Vancouver] PHP Stack trace:
[25-Sep-2017 09:06:48 America/Vancouver] PHP 1. {main}() /usr/local/www/suricata/suricata_global.php:0
[25-Sep-2017 09:06:48 America/Vancouver] PHP 2. sync_suricata_package_config() /usr/local/www/suricata/suricata_global.php:164
[25-Sep-2017 09:06:48 America/Vancouver] PHP 3. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 09:06:48 America/Vancouver] PHP 4. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 09:06:48 America/Vancouver] PHP 5. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
[25-Sep-2017 09:06:48 America/Vancouver] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
[25-Sep-2017 09:06:48 America/Vancouver] PHP Stack trace:
[25-Sep-2017 09:06:48 America/Vancouver] PHP 1. {main}() /usr/local/www/suricata/suricata_global.php:0
[25-Sep-2017 09:06:48 America/Vancouver] PHP 2. sync_suricata_package_config() /usr/local/www/suricata/suricata_global.php:164
[25-Sep-2017 09:06:48 America/Vancouver] PHP 3. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
[25-Sep-2017 09:06:48 America/Vancouver] PHP 4. include() /usr/local/pkg/suricata/suricata.inc:3662
[25-Sep-2017 09:06:48 America/Vancouver] PHP 5. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
No FreeBSD crash data found.
here are the files I manually removed:
rm /var/cache/pkg/pfSense-pkg-suricata-4.0.0_1-891331e2bc.txz
rm /var/cache/pkg/suricata-4.0.0-1c37f13723.txz
rm /var/cache/pkg/suricata-4.0.0.txz
rm /var/cache/pkg/pfSense-pkg-suricata-4.0.0_1.txz
rm /cf/conf/pkg_log_pfSense-pkg-suricata.txt
rm /root/suricata.core
rm -rf /usr/local/share/pfSense-pkg-suricata
rm /usr/local/etc/rc.d/suricata.sh
-
I hate to have to tell you this, but you've made quite a large mess now by manually removing so many files. That is not the way to uninstall packages on pfSense!
Do you have an older config.xml file from a previous backup before you installed Suricata? If so, simply restore that configuration.
If you don't then you can hand-edit the current config.xml file to remove the Suricata package configuration info. That file is an XML-format file. You will find the Suricata information in the <packages><suricata> section. Before you attempt any editing of that file, do a backup using the option under DIAGNOSTICS > BACKUP AND RESTORE.
Bill
-
Did what you said and now the errors are gone but suricata still won't start with default settings.
Switching back to snort for now.
-
Did you look in the Suricata log under the LOGS tab to see what it was bombing out on? Suricata does a good job of logging what happens when things go wrong. Take a look at the suricata.log to see what it says about the startup failure.
Bill
-
here is what is bombing out:
26/9/2017 -- 20:07:45 - <notice> -- This is Suricata version 4.0.0 RELEASE
26/9/2017 -- 20:07:45 - <info> -- CPUs/cores online: 8
26/9/2017 -- 20:07:45 - <info> -- HTTP memcap: 67108864
26/9/2017 -- 20:07:45 - <notice> -- using flow hash instead of active packets
26/9/2017 -- 20:07:45 - <info> -- 1 rule files processed. 233 rules successfully loaded, 0 rules failed
26/9/2017 -- 20:07:45 - <info> -- Threshold config parsed: 0 rule(s) found
26/9/2017 -- 20:07:45 - <info> -- 233 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 72 inspect application layer, 102 are decoder event only
26/9/2017 -- 20:07:45 - <info> -- fast output device (regular) initialized: alerts.log
26/9/2017 -- 20:07:45 - <info> -- http-log output device (regular) initialized: http.log
26/9/2017 -- 20:07:45 - <info> -- Using 1 live device(s).
26/9/2017 -- 20:07:46 - <info> -- using interface igb3
26/9/2017 -- 20:07:46 - <info> -- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
26/9/2017 -- 20:07:46 - <info> -- Found an MTU of 1500 for 'igb3'
26/9/2017 -- 20:07:46 - <info> -- Set snaplen to 1524 for 'igb3'
26/9/2017 -- 20:07:46 - <error> -- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
26/9/2017 -- 20:07:46 - <error> -- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
26/9/2017 -- 20:08:09 - <notice> -- This is Suricata version 4.0.0 RELEASE
26/9/2017 -- 20:08:09 - <info> -- CPUs/cores online: 8
26/9/2017 -- 20:08:09 - <info> -- HTTP memcap: 67108864
26/9/2017 -- 20:08:09 - <notice> -- using flow hash instead of active packets
26/9/2017 -- 20:08:09 - <error> -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
26/9/2017 -- 20:08:40 - <notice> -- This is Suricata version 4.0.0 RELEASE
26/9/2017 -- 20:08:40 - <info> -- CPUs/cores online: 8
26/9/2017 -- 20:08:40 - <info> -- HTTP memcap: 67108864
26/9/2017 -- 20:08:40 - <notice> -- using flow hash instead of active packets
26/9/2017 -- 20:08:40 - <error> -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
26/9/2017 -- 20:10:07 - <notice> -- This is Suricata version 4.0.0 RELEASE
26/9/2017 -- 20:10:07 - <info> -- CPUs/cores online: 8
26/9/2017 -- 20:10:07 - <info> -- HTTP memcap: 67108864
26/9/2017 -- 20:10:07 - <notice> -- using flow hash instead of active packets
26/9/2017 -- 20:10:07 - <error> -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
after removing the pid file:
26/9/2017 -- 20:13:52 - <notice> -- This is Suricata version 4.0.0 RELEASE
26/9/2017 -- 20:13:52 - <info> -- CPUs/cores online: 8
26/9/2017 -- 20:13:52 - <info> -- HTTP memcap: 67108864
26/9/2017 -- 20:13:52 - <notice> -- using flow hash instead of active packets
26/9/2017 -- 20:13:52 - <info> -- 1 rule files processed. 233 rules successfully loaded, 0 rules failed
26/9/2017 -- 20:13:52 - <info> -- Threshold config parsed: 0 rule(s) found
26/9/2017 -- 20:13:52 - <info> -- 233 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 72 inspect application layer, 102 are decoder event only
26/9/2017 -- 20:13:52 - <info> -- fast output device (regular) initialized: alerts.log
26/9/2017 -- 20:13:52 - <info> -- http-log output device (regular) initialized: http.log
26/9/2017 -- 20:13:52 - <info> -- Using 1 live device(s).
26/9/2017 -- 20:13:52 - <info> -- using interface igb3
26/9/2017 -- 20:13:53 - <info> -- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
26/9/2017 -- 20:13:53 - <info> -- Found an MTU of 1500 for 'igb3'
26/9/2017 -- 20:13:53 - <info> -- Set snaplen to 1524 for 'igb3'
26/9/2017 -- 20:13:53 - <error> -- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
26/9/2017 -- 20:13:53 - <error> -- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
-
You need to greatly increase the Stream Memory Cap. You can find the setting on the FLOW/STREAM tab. Start by doubling the default value and see if that helps. Keep doubling the value until Suricata starts, then you can start working down again to find where it breaks. Split the difference in the two points.
Bill
-
Thanks doubling fixed the issue.
-
Thanks for the feedback. May help others that encounter the same problem. Lots of CPU cores cause Suricata to want a lot of stream capture memory. The defaults are fine for most installations, but high core count CPUs will necessitate bumping up the stream memcap limit by a lot.
Bill
-
I also have the same problem, just upgraded to latest version.
I first had a problem with Snort, but gave up because I couldn't find any useful log entries and I reset all rules. Installed Suricata and pretty fast after install I got a better log-viewer and a similar error as the thread starter.
Will try the same fix and see if it helps. I have a pretty fast pfSense-device.
10/2017 -- 01:51:25 - <info> -- Set snaplen to 1524 for 'igb0'
4/10/2017 -- 01:51:26 - <error> -- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
4/10/2017 -- 01:51:26 - <error> -- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
4/10/2017 -- 01:51:42 - <notice> -- This is Suricata version 4.0.0 RELEASE
4/10/2017 -- 01:51:42 - <info> -- CPUs/cores online: 8
4/10/2017 -- 01:51:42 - <info> -- HTTP memcap: 67108864
4/10/2017 -- 01:51:42 - <notice> -- using flow hash instead of active packets
4/10/2017 -- 01:51:42 - <error> -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb033693.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb033693.pid. Aborting!
UPDATE: Fixed here as well!
-
I think I will bump up the defaults for Stream and Reassembly Memcap values in a future release.
Bill
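
A triage pass over the two startup failures seen in this thread's suricata.log excerpts, added here as an example (it is not code from the Suricata package or from any poster). The sample log is constructed in the same format as the pasted logs, run-together records and trailing tag debris included, and the function names and the `em0` pid path are this example's own.

```python
import re

# A record starts like "26/9/2017 -- 20:07:45 - <error> -- "; the space before
# "--" is optional because the pasted logs in this thread lost it.
RECORD = re.compile(r"(\d{1,2}/\d{1,2}/\d{4} -- \d{2}:\d{2}:\d{2}) - <(\w+)>\s*-- ")
ERRCODE = re.compile(r"\[ERRCODE: (\w+)\((\d+)\)\] - (.*)", re.S)
PIDFILE = re.compile(r"pid file '([^']+)' exists but appears stale")
TAG_DEBRIS = re.compile(r"(?:</\w+>)+\s*$")   # "</error></notice>" left by forum software
BANNER = "This is Suricata version"

# Constructed sample (not a real capture): one attempt that dies on the pool
# allocation, then a restart that aborts on the pid file left behind.
SAMPLE = (
    "1/1/2020 -- 10:00:00 - <notice>-- This is Suricata version 4.0.0 RELEASE "
    "1/1/2020 -- 10:00:00 - <info>-- CPUs/cores online: 8 "
    "1/1/2020 -- 10:00:01 - <info>-- Set snaplen to 1524 for 'em0' "
    "1/1/2020 -- 10:00:01 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error "
    "1/1/2020 -- 10:00:01 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed "
    "1/1/2020 -- 10:00:30 - <notice>-- This is Suricata version 4.0.0 RELEASE "
    "1/1/2020 -- 10:00:30 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file "
    "'/var/run/suricata_em012345.pid' exists but appears stale. Make sure Suricata is "
    "not running and then remove /var/run/suricata_em012345.pid. Aborting!</error></notice>"
)


def split_records(text):
    """Return (timestamp, level, message) tuples, whether the log has one
    record per line or has been flattened onto a single line."""
    parts = RECORD.split(text)          # [prefix, ts, level, msg, ts, level, msg, ...]
    return [(parts[i], parts[i + 1].lower(), TAG_DEBRIS.sub("", parts[i + 2]).strip())
            for i in range(1, len(parts), 3)]


def startup_attempts(text):
    """Group records into start attempts. A new attempt begins at the version
    banner; records before the first banner (a log pasted mid-run) form their own."""
    attempts = []
    for ts, level, msg in split_records(text):
        if msg.startswith(BANNER) or not attempts:
            attempts.append({"started": ts, "errors": []})
        m = ERRCODE.match(msg) if level == "error" else None
        if m:
            attempts[-1]["errors"].append((m.group(1), m.group(3)))
    return attempts


def triage(text):
    """Classify each start attempt using the two failures discussed in this thread."""
    findings = []
    for attempt in startup_attempts(text):
        codes = {code for code, _ in attempt["errors"]}
        stale = [m.group(1) for _, detail in attempt["errors"]
                 for m in [PIDFILE.search(detail)] if m]
        if "SC_ERR_POOL_INIT" in codes:
            kind, advice = "pool-alloc", "increase Stream Memory Cap on the FLOW/STREAM tab"
        elif stale:
            kind, advice = "stale-pid", "confirm Suricata is not running, then remove " + stale[0]
        elif codes:
            kind, advice = "other-error", "read the full message for " + ", ".join(sorted(codes))
        else:
            kind, advice = "no-error", "no <error> record in this attempt"
        findings.append({"started": attempt["started"], "kind": kind, "advice": advice})
    return findings


def root_cause(findings):
    """In the thread's logs the stale-pid aborts come after an attempt that had
    already failed, so report the first failure that is not a stale pid file."""
    failures = [f for f in findings if f["kind"] != "no-error"]
    for f in failures:
        if f["kind"] != "stale-pid":
            return f
    return failures[0] if failures else None


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["started"], f["kind"], "->", f["advice"])
    print("root cause:", root_cause(triage(SAMPLE))["kind"])
```

Removing the pid file only clears the second finding; the next start fails on the pool allocation again until the memcap is raised, which is the sequence the logs above show.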