Netgate Discussion Forum

    Trying to diagnose non starting packages

    IDS/IPS
    • TTWE

      Hi

      I have just installed pfSense and am in the process of setting it up.
      However, when I went to install additional packages (Suricata), they won't start at all (I have tried others as a test and none of them start).
      I don't get any error messages and I have looked in the system logs; however, being new to this, I have had no luck.

      I would greatly appreciate any help I can get trying to diagnose this problem. I will put all the information I have and the system specs underneath.

      Many Thanks TTWE

      Version 2.4.5-RELEASE (amd64)
      built on Tue Mar 24 15:25:50 EDT 2020
      FreeBSD 11.3-STABLE

      CPU Type Intel(R) Xeon(R) CPU E5630 @ 2.53GHz
      16 CPUs: 2 package(s) x 4 core(s) x 2 hardware threads
      AES-NI CPU Crypto: Yes (inactive)
      Memory 64 GB 1% average use.

      suricata security 5.0.2_2 High Performance Network IDS, IPS and Security Monitoring engine by OISF.

      • NollipfSense @TTWE

        @TTWE You may find the solution here: https://docs.netgate.com/pfsense/en/latest/book/hardware/hardware-sizing-guidance.html ... hint: search the forum on Suricata and multi-core CPU. Congratulations on choosing pfSense and welcome to a learning process where no one wants to hold your hands while you learn.

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        • bmeeks @TTWE

          You can find out why Suricata is not starting by going to the LOGS VIEW tab, selecting the interface you want to view logs for in the Interface drop-down selector, and then choosing the suricata.log file in the log file drop-down selector.

          I can pretty much guarantee you that your problem is going to be a memory allocation error due to an insufficient TCP Stream Memcap setting. For high core-count boxes you need to dramatically increase the stream memcap value on the Flow/Stream tab. Try 256 MB and then work up from there since you have so many CPUs and cores.

          Here is a link to the Suricata upstream Redmine site where they have a project underway to improve the OOBE (out-of-box experience) by improving some default values: https://redmine.openinfosecfoundation.org/issues/1343. Once they incorporate those into Suricata, I will make some updates to the pfSense package. But in order to not create a memory hog on smaller systems, I may not use values quite as large as mentioned in that thread.

          The current default in the pfSense package is fine for dual or quad-core CPUs, but is not enough for high core-count boxes like you have.

          1 Reply Last reply Reply Quote 0
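
The log check described in the last reply, as an added example that is not part of the original thread or of the pfSense package: it pulls the Error-level lines out of a saved suricata.log and flags the ones that look like a failed memory or pool allocation. The sample lines are constructed, and the keyword list and function names are assumptions made for illustration.

```python
import re
import sys

# Constructed sample in the layout Suricata uses for suricata.log
# ("date -- time - <Level> - message"); these lines are not from the thread.
SAMPLE_LOG = """\
27/3/2020 -- 10:15:30 - <Notice> - This is Suricata version 5.0.2 RELEASE running in SYSTEM mode
27/3/2020 -- 10:15:31 - <Info> - CPUs/cores online: 16
27/3/2020 -- 10:15:32 - <Error> - [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
27/3/2020 -- 10:15:32 - <Error> - [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
27/3/2020 -- 10:15:32 - <Error> - [ERRCODE: SC_ERR_MEM_ALLOC(1)] - failed to setup/expand stream session pool. Expand stream.memcap?
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ -- \S+) - <(?P<level>\w+)> - "
    r"(?:\[ERRCODE: (?P<code>\w+)\(\d+\)\] - )?(?P<msg>.*)$"
)
FATAL_LEVELS = {"Error", "Critical"}
# Substrings that point at a memory/pool allocation failure (assumed heuristic).
MEMORY_HINTS = ("memcap", "alloc", "pool")


def triage(log_text):
    """Return one dict per Error/Critical line, flagging memory-related ones."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["level"] not in FATAL_LEVELS:
            continue
        haystack = f"{m['code'] or ''} {m['msg']}".lower()
        findings.append({
            "time": m["ts"],
            "code": m["code"],
            "message": m["msg"],
            "memory_related": any(h in haystack for h in MEMORY_HINTS),
        })
    return findings


def needs_memcap_review(findings):
    """True when any startup error looks like a failed memory/pool allocation."""
    return any(f["memory_related"] for f in findings)


if __name__ == "__main__":
    # Pass the path of a saved suricata.log, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    results = triage(text)
    for f in results:
        print("[MEMORY]" if f["memory_related"] else "[other]", f["time"], f["code"], f["message"])
    if needs_memcap_review(results):
        print("Allocation failure at startup: review the stream memcap on the Flow/Stream tab.")
```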