Suricata crash on latest 2.4.0-rc



  • Hi,

    I am having issues with suricata running as it exits with error:

    Sep 24 13:34:00 kernel pid 39811 (suricata), uid 0: exited on signal 11 (core dumped)
    

    Here is the crash report after I tried to remove all config files (uncheck box in global config) and reinstall suricata:

    Crash report begins.  Anonymous machine information:
    
    amd64
    11.0-RELEASE-p12
    FreeBSD 11.0-RELEASE-p12 #60 e61693d0fa9(RELENG_2_4_0): Mon Sep 25 00:23:04 CDT 2017     root@buildbot2.netgate.com:/builder/ce-240/tmp/obj/builder/ce-240/tmp/FreeBSD-src/sys/pfSense
    
    Crash report details:
    
    PHP Errors:
    [25-Sep-2017 08:42:21 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
    [25-Sep-2017 08:42:21 America/Vancouver] PHP Stack trace:
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   1. {main}() /etc/rc.start_packages:0
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   2. sync_package() /etc/rc.start_packages:58
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   3. eval() /etc/inc/pkg-utils.inc:656
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   6. include() /usr/local/pkg/suricata/suricata.inc:3662
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
    [25-Sep-2017 08:42:21 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
    [25-Sep-2017 08:42:21 America/Vancouver] PHP Stack trace:
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   1. {main}() /etc/rc.start_packages:0
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   2. sync_package() /etc/rc.start_packages:58
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   3. eval() /etc/inc/pkg-utils.inc:656
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   6. include() /usr/local/pkg/suricata/suricata.inc:3662
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
    [25-Sep-2017 08:42:21 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
    [25-Sep-2017 08:42:21 America/Vancouver] PHP Stack trace:
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   1. {main}() /etc/rc.start_packages:0
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   2. sync_package() /etc/rc.start_packages:58
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   3. eval() /etc/inc/pkg-utils.inc:656
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   4. sync_suricata_package_config() /etc/inc/pkg-utils.inc(656) : eval()'d code:1
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   5. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   6. include() /usr/local/pkg/suricata/suricata.inc:3662
    [25-Sep-2017 08:42:21 America/Vancouver] PHP   7. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
    
    Filename: /var/crash/minfree
    2048
    

    All I want to do is remove the config and then reinstall but it appears that the config remains and it is causing the crash.
    I tried searching for suricata keyword and removing config manually but had same issue.

    Thanks

    edit more crash reports:

    Crash report begins.  Anonymous machine information:
    
    amd64
    11.0-RELEASE-p12
    FreeBSD 11.0-RELEASE-p12 #60 e61693d0fa9(RELENG_2_4_0): Mon Sep 25 00:23:04 CDT 2017     root@buildbot2.netgate.com:/builder/ce-240/tmp/obj/builder/ce-240/tmp/FreeBSD-src/sys/pfSense
    
    Crash report details:
    
    PHP Errors:
    [25-Sep-2017 09:06:48 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 855
    [25-Sep-2017 09:06:48 America/Vancouver] PHP Stack trace:
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   1. {main}() /usr/local/www/suricata/suricata_global.php:0
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   2. sync_suricata_package_config() /usr/local/www/suricata/suricata_global.php:164
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   3. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   4. include() /usr/local/pkg/suricata/suricata.inc:3662
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   5. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:855
    [25-Sep-2017 09:06:48 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 857
    [25-Sep-2017 09:06:48 America/Vancouver] PHP Stack trace:
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   1. {main}() /usr/local/www/suricata/suricata_global.php:0
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   2. sync_suricata_package_config() /usr/local/www/suricata/suricata_global.php:164
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   3. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   4. include() /usr/local/pkg/suricata/suricata.inc:3662
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   5. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:857
    [25-Sep-2017 09:06:48 America/Vancouver] PHP Warning:  filesize(): stat failed for /usr/local/etc/suricata/suricata_19177_igb0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 859
    [25-Sep-2017 09:06:48 America/Vancouver] PHP Stack trace:
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   1. {main}() /usr/local/www/suricata/suricata_global.php:0
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   2. sync_suricata_package_config() /usr/local/www/suricata/suricata_global.php:164
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   3. suricata_generate_yaml() /usr/local/pkg/suricata/suricata.inc:883
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   4. include() /usr/local/pkg/suricata/suricata.inc:3662
    [25-Sep-2017 09:06:48 America/Vancouver] PHP   5. filesize() /usr/local/pkg/suricata/suricata_generate_yaml.php:859
    
    No FreeBSD crash data found.
    

    here are the files I manually removed:

    rm /var/cache/pkg/pfSense-pkg-suricata-4.0.0_1-891331e2bc.txz
    rm /var/cache/pkg/suricata-4.0.0-1c37f13723.txz
    rm /var/cache/pkg/suricata-4.0.0.txz
    rm /var/cache/pkg/pfSense-pkg-suricata-4.0.0_1.txz
    rm /cf/conf/pkg_log_pfSense-pkg-suricata.txt
    rm /root/suricata.core
    rm -rf /usr/local/share/pfSense-pkg-suricata
    rm /usr/local/etc/rc.d/suricata.sh
    


  • I hate to have to tell you this, but you've made quite a large mess now by manually removing so many files.  That is not the way to uninstall packages on pfSense!

    Do you have an older config.xml file from a previous backup before you installed Suricata?  If so, simply restore that configuration.

    If you don't then you can hand-edit the current config.xml file to remove the Suricata package configuration info.  That file is an XML-format file.  You will find the Suricata information in the <packages><suricata> section.  Before you attempt any editing of that file, do a backup using the option under DIAGNOSTICS > BACKUP AND RESTORE.

    Bill



  • Did what you said and now the errors are gone but suricata still won't start with default settings.

    Switching back to snort for now.



  • @strangegopher:

    Did what you said and now the errors are gone but suricata still won't start with default settings.

    Switching back to snort for now.

    Did you look in the Suricata log under the LOGS tab to see what it was bombing out on?  Suricata does a good job of logging what happens when things go wrong.  Take a look at the suricata.log to see what it says about the startup failure.

    Bill



  • @bmeeks:

    @strangegopher:

    Did what you said and now the errors are gone but suricata still won't start with default settings.

    Switching back to snort for now.

    Did you look in the Suricata log under the LOGS tab to see what it was bombing out on?  Suricata does a good job of logging what happens when things go wrong.  Take a look at the suricata.log to see what it says about the startup failure.

    Bill

    here is what is bombing out:

    26/9/2017 -- 20:07:45 - <notice>-- This is Suricata version 4.0.0 RELEASE
    26/9/2017 -- 20:07:45 - <info>-- CPUs/cores online: 8
    26/9/2017 -- 20:07:45 - <info>-- HTTP memcap: 67108864
    26/9/2017 -- 20:07:45 - <notice>-- using flow hash instead of active packets
    26/9/2017 -- 20:07:45 - <info>-- 1 rule files processed. 233 rules successfully loaded, 0 rules failed
    26/9/2017 -- 20:07:45 - <info>-- Threshold config parsed: 0 rule(s) found
    26/9/2017 -- 20:07:45 - <info>-- 233 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 72 inspect application layer, 102 are decoder event only
    26/9/2017 -- 20:07:45 - <info>-- fast output device (regular) initialized: alerts.log
    26/9/2017 -- 20:07:45 - <info>-- http-log output device (regular) initialized: http.log
    26/9/2017 -- 20:07:45 - <info>-- Using 1 live device(s).
    26/9/2017 -- 20:07:46 - <info>-- using interface igb3
    26/9/2017 -- 20:07:46 - <info>-- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
    26/9/2017 -- 20:07:46 - <info>-- Found an MTU of 1500 for 'igb3'
    26/9/2017 -- 20:07:46 - <info>-- Set snaplen to 1524 for 'igb3'
    26/9/2017 -- 20:07:46 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
    26/9/2017 -- 20:07:46 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
    26/9/2017 -- 20:08:09 - <notice>-- This is Suricata version 4.0.0 RELEASE
    26/9/2017 -- 20:08:09 - <info>-- CPUs/cores online: 8
    26/9/2017 -- 20:08:09 - <info>-- HTTP memcap: 67108864
    26/9/2017 -- 20:08:09 - <notice>-- using flow hash instead of active packets
    26/9/2017 -- 20:08:09 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
    26/9/2017 -- 20:08:40 - <notice>-- This is Suricata version 4.0.0 RELEASE
    26/9/2017 -- 20:08:40 - <info>-- CPUs/cores online: 8
    26/9/2017 -- 20:08:40 - <info>-- HTTP memcap: 67108864
    26/9/2017 -- 20:08:40 - <notice>-- using flow hash instead of active packets
    26/9/2017 -- 20:08:40 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
    26/9/2017 -- 20:10:07 - <notice>-- This is Suricata version 4.0.0 RELEASE
    26/9/2017 -- 20:10:07 - <info>-- CPUs/cores online: 8
    26/9/2017 -- 20:10:07 - <info>-- HTTP memcap: 67108864
    26/9/2017 -- 20:10:07 - <notice>-- using flow hash instead of active packets
    26/9/2017 -- 20:10:07 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
    

    after removing the pid file:

    26/9/2017 -- 20:13:52 - <notice>-- This is Suricata version 4.0.0 RELEASE
    26/9/2017 -- 20:13:52 - <info>-- CPUs/cores online: 8
    26/9/2017 -- 20:13:52 - <info>-- HTTP memcap: 67108864
    26/9/2017 -- 20:13:52 - <notice>-- using flow hash instead of active packets
    26/9/2017 -- 20:13:52 - <info>-- 1 rule files processed. 233 rules successfully loaded, 0 rules failed
    26/9/2017 -- 20:13:52 - <info>-- Threshold config parsed: 0 rule(s) found
    26/9/2017 -- 20:13:52 - <info>-- 233 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 72 inspect application layer, 102 are decoder event only
    26/9/2017 -- 20:13:52 - <info>-- fast output device (regular) initialized: alerts.log
    26/9/2017 -- 20:13:52 - <info>-- http-log output device (regular) initialized: http.log
    26/9/2017 -- 20:13:52 - <info>-- Using 1 live device(s).
    26/9/2017 -- 20:13:52 - <info>-- using interface igb3
    26/9/2017 -- 20:13:53 - <info>-- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
    26/9/2017 -- 20:13:53 - <info>-- Found an MTU of 1500 for 'igb3'
    26/9/2017 -- 20:13:53 - <info>-- Set snaplen to 1524 for 'igb3'
    26/9/2017 -- 20:13:53 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
    26/9/2017 -- 20:13:53 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
    


  • You need to greatly increase the Stream Memory Cap.  You can find the setting on the FLOW/STREAM tab.  Start by doubling the default value and see if that helps.  Keep doubling the value until Suricata starts, then you can start working down again to find where it breaks.  Split the difference in the two points.

    Bill



  • @bmeeks:

    You need to greatly increase the Stream Memory Cap.  You can find the setting on the FLOW/STREAM tab.  Start by doubling the default value and see if that helps.  Keep doubling the value until Suricata starts, then you can start working down again to find where it breaks.  Split the difference in the two points.

    Bill

    Thanks doubling fixed the issue.



  • @strangegopher:

    @bmeeks:

    You need to greatly increase the Stream Memory Cap.  You can find the setting on the FLOW/STREAM tab.  Start by doubling the default value and see if that helps.  Keep doubling the value until Suricata starts, then you can start working down again to find where it breaks.  Split the difference in the two points.

    Bill

    Thanks doubling fixed the issue.

    Thanks for the feedback.  May help others that encounter the same problem.  Lots of CPU cores causes Suricata to want a lot of stream capture memory.  The defaults are fine for most installations, but high core count CPUs will necessitate bumping up the stream memcap limit by a lot.

    Bill



  • I also have the same problem, just upgraded to latest version.

    I first had a problem with Snort, but gave up because I couldn't find any useful log entries and I reset all rules. Installed Suricata and pretty fast after install I got a better log viewer and a similar error to the thread starter.

    Will try the same fix and see if it helps. I have a pretty fast pfSense-device.

    
    10/2017 -- 01:51:25 - <info>-- Set snaplen to 1524 for 'igb0'
    4/10/2017 -- 01:51:26 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
    4/10/2017 -- 01:51:26 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
    4/10/2017 -- 01:51:42 - <notice>-- This is Suricata version 4.0.0 RELEASE
    4/10/2017 -- 01:51:42 - <info>-- CPUs/cores online: 8
    4/10/2017 -- 01:51:42 - <info>-- HTTP memcap: 67108864
    4/10/2017 -- 01:51:42 - <notice>-- using flow hash instead of active packets
    4/10/2017 -- 01:51:42 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb033693.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb033693.pid. Aborting!
    

    UPDATE: Fixed here as well!



  • I think I will bump up the defaults for Stream and Reassembly Memcap values in a future release.

    Bill
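
The triage worked out across this thread, as an added example that is not part of any post and not code from the Suricata package: it splits a suricata.log excerpt into startup attempts, separates the SC_ERR_POOL_INIT failure from the stale pid file it leaves behind, and runs the double-then-narrow memcap search described above. The function names, the `starts_ok` callback (standing in for changing the value on the FLOW/STREAM tab and restarting) and the 64 MiB starting value in the usage are assumptions.

```python
import re

# Matches the log lines as quoted in this thread: "<date> -- <time> - <level>-- <message>".
LINE = re.compile(r"^\s*(\S+ -- \S+) - <(\w+)>\s*-+\s*(.*)$")
ERR = re.compile(r"\[ERRCODE: (\w+)\((\d+)\)\] - (.*)")
STALE_PID = re.compile(r"pid file '([^']+)' exists but appears stale")
BANNER = "This is Suricata version"

# Sample input assembled from the log excerpts quoted in the thread (shortened).
SAMPLE_LOG = """\
26/9/2017 -- 20:07:45 - <notice>-- This is Suricata version 4.0.0 RELEASE
26/9/2017 -- 20:07:45 - <info>-- CPUs/cores online: 8
26/9/2017 -- 20:07:46 - <info>-- Set snaplen to 1524 for 'igb3'
26/9/2017 -- 20:07:46 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
26/9/2017 -- 20:07:46 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
26/9/2017 -- 20:08:09 - <notice>-- This is Suricata version 4.0.0 RELEASE
26/9/2017 -- 20:08:09 - <info>-- CPUs/cores online: 8
26/9/2017 -- 20:08:09 - <error>-- [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata_igb325806.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_igb325806.pid. Aborting!
"""


def parse_attempts(text):
    """Split a log into startup attempts; each attempt begins at the version banner."""
    attempts = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank or unparseable line
        stamp, _level, msg = m.groups()
        # "not attempts" covers an excerpt pasted from the middle of an attempt.
        if msg.startswith(BANNER) or not attempts:
            attempts.append({"start": stamp, "errors": []})
        e = ERR.match(msg)
        if e:
            attempts[-1]["errors"].append((e.group(1), e.group(3)))
    return attempts


def diagnose(attempt):
    """Return (kind, detail) for one startup attempt."""
    codes = [code for code, _ in attempt["errors"]]
    if "SC_ERR_POOL_INIT" in codes:
        # Per the thread: the stream memory cap is too small for the core count.
        return ("memcap", "raise Stream Memory Cap on the FLOW/STREAM tab")
    for code, msg in attempt["errors"]:
        pid = STALE_PID.search(msg)
        if code == "SC_ERR_INITIALIZATION" and pid:
            # Left over from an earlier failed start; removing it only
            # exposes the earlier error again, as the thread shows.
            return ("stale-pid", pid.group(1))
    if codes:
        return ("other", codes[0])
    return ("no-error-logged", "")


def search_memcap(starts_ok, default, granularity, max_doublings=12):
    """Double from `default` until Suricata starts, then bisect downwards.

    Returns (highest value seen failing, lowest value seen working); the
    first element is None when `default` already works.
    """
    if starts_ok(default):
        return (None, default)
    fail, ok = default, default * 2
    for _ in range(max_doublings):
        if starts_ok(ok):
            break
        fail, ok = ok, ok * 2
    else:
        raise RuntimeError("no working value found; the cause is probably not the memcap")
    while ok - fail > granularity:
        mid = (fail + ok) // 2
        if starts_ok(mid):
            ok = mid
        else:
            fail = mid
    return (fail, ok)


if __name__ == "__main__":
    for attempt in parse_attempts(SAMPLE_LOG):
        print(attempt["start"], diagnose(attempt))
    MiB = 1024 * 1024
    # Simulated system that needs at least 150 MiB; 64 MiB is a constructed start value.
    print(search_memcap(lambda v: v >= 150 * MiB, 64 * MiB, 16 * MiB))
```

The value to settle on lies between the two numbers `search_memcap` returns, which is the "split the difference" step.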

