Netgate Discussion Forum

    Suricata crash on latest 2.4.0-rc

      strangegopher

      Hi,

      I am having issues with suricata running as it exits with error:

      Sep 24 13:34:00 kernel pid 39811 (suricata), uid 0: exited on signal 11 (core dumped)
      

      Here is the crash report after I tried to remove all config files (uncheck box in global config) and reinstall suricata:

      					Crash report begins.  Anonymous machine information:
      
      amd64
      11.0-RELEASE-p12
      FreeBSD 11.0-RELEASE-p12 #60 e61693d0fa9(RELENG_2_4_0): Mon Sep 25 00:23:04 CDT 2017     root@buildbot2.netgate.com:/builder/ce-240/tmp/obj/builder/ce-240/tmp/FreeBSD-src/sys/pfSense
      
      Crash report details:
      
      PHP Errors:
      [25-Sep-2017 08:42:21 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
      [25-Sep-2017 08:42:21 America/Vancouver] PHP Stack trace:
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   1. {main}() /etc/rc.start_packages:0
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   2. sync_package() /etc/rc.start_packages:58
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   3. eval() /etc/inc/pkg-utils.inc:656
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   6. include() /usr/local/pkg/suricata/suricata.inc:3662
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
      [25-Sep-2017 08:42:21 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
      [25-Sep-2017 08:42:21 America/Vancouver] PHP Stack trace:
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   1. {main}() /etc/rc.start_packages:0
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   2. sync_package() /etc/rc.start_packages:58
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   3. eval() /etc/inc/pkg-utils.inc:656
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   6. include() /usr/local/pkg/suricata/suricata.inc:3662
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
      [25-Sep-2017 08:42:21 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
      [25-Sep-2017 08:42:21 America/Vancouver] PHP Stack trace:
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   1. {main}() /etc/rc.start_packages:0
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   2. sync_package() /etc/rc.start_packages:58
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   3. eval() /etc/inc/pkg-utils.inc:656
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   6. include() /usr/local/pkg/suricata/suricata.inc:3662
      [25-Sep-2017 08:42:21 America/Vancouver] PHP   7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
      
      Filename: /var/crash/minfree
      2048
      

      All I want to do is remove the config and then reinstall, but it appears that the config remains and it is causing the crash.
      I tried searching for the suricata keyword and removing the config manually but had the same issue.

      Thanks

      Edit: more crash reports:

      					Crash report begins.  Anonymous machine information:
      
      amd64
      11.0-RELEASE-p12
      FreeBSD 11.0-RELEASE-p12 #60 e61693d0fa9(RELENG_2_4_0): Mon Sep 25 00:23:04 CDT 2017     root@buildbot2.netgate.com:/builder/ce-240/tmp/obj/builder/ce-240/tmp/FreeBSD-src/sys/pfSense
      
      Crash report details:
      
      PHP Errors:
      [25-Sep-2017 09:06:48 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
      [25-Sep-2017 09:06:48 America/Vancouver] PHP Stack trace:
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   1. {main}() /usr/local/www/suricata/suricata_global.php:0
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   2. sync_suricata_package_config() /usr/local/www/suricata/suricata_global.php:164
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   3. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   4. include() /usr/local/pkg/suricata/suricata.inc:3662
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   5. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
      [25-Sep-2017 09:06:48 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
      [25-Sep-2017 09:06:48 America/Vancouver] PHP Stack trace:
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   1. {main}() /usr/local/www/suricata/suricata_global.php:0
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   2. sync_suricata_package_config() /usr/local/www/suricata/suricata_global.php:164
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   3. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   4. include() /usr/local/pkg/suricata/suricata.inc:3662
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   5. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
      [25-Sep-2017 09:06:48 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
      [25-Sep-2017 09:06:48 America/Vancouver] PHP Stack trace:
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   1. {main}() /usr/local/www/suricata/suricata_global.php:0
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   2. sync_suricata_package_config() /usr/local/www/suricata/suricata_global.php:164
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   3. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   4. include() /usr/local/pkg/suricata/suricata.inc:3662
      [25-Sep-2017 09:06:48 America/Vancouver] PHP   5. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
      
      No FreeBSD crash data found.
      

      Here are the files I manually removed:

      rm /var/cache/pkg/pfSense-pkg-suricata-4.0.0_1-891331e2bc.txz
      rm /var/cache/pkg/suricata-4.0.0-1c37f13723.txz
      rm /var/cache/pkg/suricata-4.0.0.txz
      rm /var/cache/pkg/pfSense-pkg-suricata-4.0.0_1.txz
      rm /cf/conf/pkg_log_pfSense-pkg-suricata.txt
      rm /root/suricata.core
      rm -rf /usr/local/share/pfSense-pkg-suricata
      rm /usr/local/etc/rc.d/suricata.sh
      
        bmeeks

        I hate to have to tell you this, but you've made quite a large mess now by manually removing so many files.  That is not the way to uninstall packages on pfSense!

        Do you have an older config.xml file from a previous backup before you installed Suricata?  If so, simply restore that configuration.

        If you don't, then you can hand-edit the current config.xml file to remove the Suricata package configuration info.  That file is an XML-format file.  You will find the Suricata information in the <packages><suricata> section.  Before you attempt any editing of that file, do a backup using the option under DIAGNOSTICS > BACKUP AND RESTORE.

        Bill

          strangegopher

          Did what you said and now the errors are gone but suricata still won't start with default settings.

          Switching back to snort for now.

            bmeeks

            @strangegopher:

            Did what you said and now the errors are gone but suricata still won't start with default settings.

            Switching back to snort for now.

            Did you look in the Suricata log under the LOGS tab to see what it was bombing out on?  Suricata does a good job of logging what happens when things go wrong.  Take a look at the suricata.log to see what it says about the startup failure.

            Bill

              strangegopher

              @bmeeks:

              @strangegopher:

              Did what you said and now the errors are gone but suricata still won't start with default settings.

              Switching back to snort for now.

              Did you look in the Suricata log under the LOGS tab to see what it was bombing out on?  Suricata does a good job of logging what happens when things go wrong.  Take a look at the suricata.log to see what it says about the startup failure.

              Bill

              here is what is bombing out:

              26/9/2017 -- 20:07:45 - <notice>-- This is Suricata version 4.0.0 RELEASE
              26/9/2017 -- 20:07:45 - <info>-- CPUs/cores online: 8
              26/9/2017 -- 20:07:45 - <info>-- HTTP memcap: 67108864
              26/9/2017 -- 20:07:45 - <notice>-- using flow hash instead of active packets
              26/9/2017 -- 20:07:45 - <info>-- 1 rule files processed. 233 rules successfully loaded, 0 rules failed
              26/9/2017 -- 20:07:45 - <info>-- Threshold config parsed: 0 rule(s) found
              26/9/2017 -- 20:07:45 - <info>-- 233 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 72 inspect application layer, 102 are decoder event only
              26/9/2017 -- 20:07:45 - <info>-- fast output device (regular) initialized: alerts.log
              26/9/2017 -- 20:07:45 - <info>-- http-log output device (regular) initialized: http.log
              26/9/2017 -- 20:07:45 - <info>-- Using 1 live device(s).
              26/9/2017 -- 20:07:46 - <info>-- using interface igb3
              26/9/2017 -- 20:07:46 - <info>-- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
              26/9/2017 -- 20:07:46 - <info>-- Found an MTU of 1500 for 'igb3'
              26/9/2017 -- 20:07:46 - <info>-- Set snaplen to 1524 for 'igb3'
              26/9/2017 -- 20:07:46 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
              26/9/2017 -- 20:07:46 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
              26/9/2017 -- 20:08:09 - <notice>-- This is Suricata version 4.0.0 RELEASE
              26/9/2017 -- 20:08:09 - <info>-- CPUs/cores online: 8
              26/9/2017 -- 20:08:09 - <info>-- HTTP memcap: 67108864
              26/9/2017 -- 20:08:09 - <notice>-- using flow hash instead of active packets
              26/9/2017 -- 20:08:09 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
              26/9/2017 -- 20:08:40 - <notice>-- This is Suricata version 4.0.0 RELEASE
              26/9/2017 -- 20:08:40 - <info>-- CPUs/cores online: 8
              26/9/2017 -- 20:08:40 - <info>-- HTTP memcap: 67108864
              26/9/2017 -- 20:08:40 - <notice>-- using flow hash instead of active packets
              26/9/2017 -- 20:08:40 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
              26/9/2017 -- 20:10:07 - <notice>-- This is Suricata version 4.0.0 RELEASE
              26/9/2017 -- 20:10:07 - <info>-- CPUs/cores online: 8
              26/9/2017 -- 20:10:07 - <info>-- HTTP memcap: 67108864
              26/9/2017 -- 20:10:07 - <notice>-- using flow hash instead of active packets
              26/9/2017 -- 20:10:07 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
              

              after removing the pid file:

              26/9/2017 -- 20:13:52 - <notice>-- This is Suricata version 4.0.0 RELEASE
              26/9/2017 -- 20:13:52 - <info>-- CPUs/cores online: 8
              26/9/2017 -- 20:13:52 - <info>-- HTTP memcap: 67108864
              26/9/2017 -- 20:13:52 - <notice>-- using flow hash instead of active packets
              26/9/2017 -- 20:13:52 - <info>-- 1 rule files processed. 233 rules successfully loaded, 0 rules failed
              26/9/2017 -- 20:13:52 - <info>-- Threshold config parsed: 0 rule(s) found
              26/9/2017 -- 20:13:52 - <info>-- 233 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 72 inspect application layer, 102 are decoder event only
              26/9/2017 -- 20:13:52 - <info>-- fast output device (regular) initialized: alerts.log
              26/9/2017 -- 20:13:52 - <info>-- http-log output device (regular) initialized: http.log
              26/9/2017 -- 20:13:52 - <info>-- Using 1 live device(s).
              26/9/2017 -- 20:13:52 - <info>-- using interface igb3
              26/9/2017 -- 20:13:53 - <info>-- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
              26/9/2017 -- 20:13:53 - <info>-- Found an MTU of 1500 for 'igb3'
              26/9/2017 -- 20:13:53 - <info>-- Set snaplen to 1524 for 'igb3'
              26/9/2017 -- 20:13:53 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
              26/9/2017 -- 20:13:53 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
              
                bmeeks

                You need to greatly increase the Stream Memory Cap.  You can find the setting on the FLOW/STREAM tab.  Start by doubling the default value and see if that helps.  Keep doubling the value until Suricata starts, then you can start working down again to find where it breaks.  Split the difference in the two points.

                Bill
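
The doubling-then-narrowing search bmeeks describes above can be written as a bracketing search. This is an added example, not code from the pfSense Suricata package: `find_stream_memcap`, `SimulatedSuricata`, the 32 MiB starting value and the per-core demand are all constructed for illustration, and the search assumes that if Suricata starts at one memcap it also starts at any larger one.

```python
from typing import Callable, List, NamedTuple, Optional

MIB = 1024 * 1024


class Bracket(NamedTuple):
    highest_failing: Optional[int]  # largest memcap seen to fail (None if the default works)
    lowest_working: int             # smallest memcap seen to start


def find_stream_memcap(starts_ok: Callable[[int], bool], default: int,
                       ceiling: int, tolerance: int = 4 * MIB) -> Bracket:
    """Bracket the smallest stream memcap (bytes) at which Suricata starts.

    starts_ok(memcap) is one start attempt. On a real firewall that means:
    set the value on the FLOW/STREAM tab, start the interface, and read
    suricata.log for SC_ERR_POOL_INIT. A failed attempt can leave a stale
    pid file behind, which has to be cleared before the next attempt.
    """
    if starts_ok(default):
        return Bracket(None, default)

    # Phase 1: keep doubling until Suricata starts.
    lo = default
    while True:
        hi = lo * 2
        if hi > ceiling:
            raise RuntimeError("no working memcap found below the ceiling")
        if starts_ok(hi):
            break
        lo = hi

    # Phase 2: work back down, halving the gap between the failing and
    # the working value until it is no wider than the tolerance.
    while hi - lo > tolerance:
        mid = (lo + hi) // 2
        if starts_ok(mid):
            hi = mid
        else:
            lo = mid
    return Bracket(lo, hi)


class SimulatedSuricata:
    """Constructed stand-in for a start attempt: demand grows with core count.

    This is a toy model for the example, not Suricata's real memory accounting.
    """

    def __init__(self, cores: int, per_core_bytes: int) -> None:
        self.required = cores * per_core_bytes
        self.probed: List[int] = []  # every memcap value that was tried

    def __call__(self, memcap: int) -> bool:
        self.probed.append(memcap)
        return memcap >= self.required


if __name__ == "__main__":
    # 8 cores as in the posted log; 11 MiB per core is a constructed figure.
    probe = SimulatedSuricata(cores=8, per_core_bytes=11 * MIB)
    result = find_stream_memcap(probe, default=32 * MIB, ceiling=4096 * MIB)
    print("tried (MiB):", [v // MIB for v in probe.probed])
    print("fails at %d MiB, starts at %d MiB"
          % (result.highest_failing // MIB, result.lowest_working // MIB))
```

Leave headroom above the lowest working value when setting the final number, since each probe here only tests whether startup succeeds.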

                  strangegopher

                  @bmeeks:

                  You need to greatly increase the Stream Memory Cap.  You can find the setting on the FLOW/STREAM tab.  Start by doubling the default value and see if that helps.  Keep doubling the value until Suricata starts, then you can start working down again to find where it breaks.  Split the difference in the two points.

                  Bill

                  Thanks doubling fixed the issue.

                    bmeeks

                    @strangegopher:

                    @bmeeks:

                    You need to greatly increase the Stream Memory Cap.  You can find the setting on the FLOW/STREAM tab.  Start by doubling the default value and see if that helps.  Keep doubling the value until Suricata starts, then you can start working down again to find where it breaks.  Split the difference in the two points.

                    Bill

                    Thanks doubling fixed the issue.

                    Thanks for the feedback.  May help others that encounter the same problem.  Lots of CPU cores cause Suricata to want a lot of stream capture memory.  The defaults are fine for most installations, but high core count CPUs will necessitate bumping up the stream memcap limit by a lot.

                    Bill

                      fireix

                      I also have the same problem, just upgraded to latest version.

                      I first had a problem with Snort, but gave up because I couldn't find any useful log entries and I reset all rules. Installed Suricata and pretty fast after install I got a better log viewer and a similar error as the thread starter.

                      Will try the same fix and see if it helps. I have a pretty fast pfSense-device.

                      
                      10/2017 -- 01:51:25 - <info>-- Set snaplen to 1524 for 'igb0'
                      4/10/2017 -- 01:51:26 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
                      4/10/2017 -- 01:51:26 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
                      4/10/2017 -- 01:51:42 - <notice>-- This is Suricata version 4.0.0 RELEASE
                      4/10/2017 -- 01:51:42 - <info>-- CPUs/cores online: 8
                      4/10/2017 -- 01:51:42 - <info>-- HTTP memcap: 67108864
                      4/10/2017 -- 01:51:42 - <notice>-- using flow hash instead of active packets
                      4/10/2017 -- 01:51:42 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb033693.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb033693.pid. Aborting!
                      

                      UPDATE: Fixed here as well!
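
Both logs posted in this thread show one real failure followed by retries that abort for a different reason. The following added example (not part of any post, and not pfSense or Suricata code) groups such a log into start attempts and separates the first failure from the stale pid file aborts that follow it. The function names and the abridged sample are assumptions of the example, and the hints only restate what the thread and the log lines themselves say.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Matches the layout shown in the thread ("<error>-- msg") and the usual
# Suricata layout ("<Error> - msg").
LINE_RE = re.compile(
    r"^\s*(?P<date>\d{1,2}/\d{1,2}/\d{4}) -- (?P<time>\d{2}:\d{2}:\d{2}) - "
    r"<(?P<level>\w+)>\s*-+\s*(?P<msg>.*?)\s*$")
ERR_RE = re.compile(r"\[ERRCODE: (?P<code>\w+)\(\d+\)\] - (?P<text>.*)")
PIDFILE_RE = re.compile(r"pid file '([^']+)' exists but appears stale")
CORES_RE = re.compile(r"CPUs/cores online: (\d+)")
BANNER = "This is Suricata version"

HINTS: Dict[str, str] = {
    "pool-init-failed": "raise Stream Memory Cap on the FLOW/STREAM tab",
    "stale-pidfile": "make sure Suricata is not running, then remove the pid file",
}

# Abridged from the log posted earlier in this thread.
SAMPLE_LOG = """
26/9/2017 -- 20:07:45 - <notice>-- This is Suricata version 4.0.0 RELEASE
26/9/2017 -- 20:07:45 - <info>-- CPUs/cores online: 8
26/9/2017 -- 20:07:46 - <info>-- Set snaplen to 1524 for 'igb3'
26/9/2017 -- 20:07:46 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
26/9/2017 -- 20:07:46 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
26/9/2017 -- 20:08:09 - <notice>-- This is Suricata version 4.0.0 RELEASE
26/9/2017 -- 20:08:09 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
26/9/2017 -- 20:08:40 - <notice>-- This is Suricata version 4.0.0 RELEASE
26/9/2017 -- 20:08:40 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
"""


@dataclass
class Attempt:
    started: str                     # timestamp of the first line seen
    cores: Optional[int] = None      # from "CPUs/cores online", if logged
    errors: List[Tuple[str, str]] = field(default_factory=list)  # (code, text)


def parse_attempts(text: str) -> List[Attempt]:
    """Split a suricata.log excerpt into start attempts, one per version banner."""
    attempts: List[Attempt] = []
    current: Optional[Attempt] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or foreign line
        msg = m["msg"]
        # An excerpt may begin mid-attempt, so the first line also opens one.
        if msg.startswith(BANNER) or current is None:
            current = Attempt(started=f"{m['date']} {m['time']}")
            attempts.append(current)
        cores = CORES_RE.search(msg)
        if cores:
            current.cores = int(cores.group(1))
        err = ERR_RE.match(msg)
        if err and m["level"].lower() == "error":
            current.errors.append((err["code"], err["text"]))
    return attempts


def classify(attempt: Attempt) -> str:
    """Name the outcome of one start attempt from its error lines."""
    if any(code == "SC_ERR_POOL_INIT" for code, _ in attempt.errors):
        return "pool-init-failed"
    if any(code == "SC_ERR_INITIALIZATION" and PIDFILE_RE.search(text)
           for code, text in attempt.errors):
        return "stale-pidfile"
    return "other-error" if attempt.errors else "no-error-logged"


def triage(text: str) -> dict:
    """Report the first real failure and the stale-pid aborts that followed it."""
    attempts = parse_attempts(text)
    outcomes = [classify(a) for a in attempts]
    primary = next((i for i, o in enumerate(outcomes)
                    if o not in ("stale-pidfile", "no-error-logged")), None)
    pidfiles = sorted({PIDFILE_RE.search(t).group(1)
                       for a in attempts for _, t in a.errors
                       if PIDFILE_RE.search(t)})
    cause = outcomes[primary] if primary is not None else None
    return {
        "attempts": len(attempts),
        "root_cause": cause,
        "first_failure": attempts[primary].started if primary is not None else None,
        "cores": next((a.cores for a in attempts if a.cores), None),
        "stale_pid_aborts": outcomes.count("stale-pidfile"),
        "pidfiles": pidfiles,
        "hint": HINTS.get(cause),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```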

                        bmeeks

                        I think I will bump up the defaults for Stream and Reassembly Memcap values in a future release.

                        Bill
