Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Any new information on Suricata crashing on 3100's?

    Official Netgate® Hardware
    1
    1
    264
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bhjitsense
      last edited by bhjitsense

      This has been discussed some on here, but for those who may be experiencing the same issue, Suricata crashes with a Signal 10 bus error, and won't start unless you manually delete a stale .pid file. At least in my experience, it crashes if I make changes such as within pfBlocker or restart the OpenVPN server and only when Suricata is in blocking mode. According to this thread

      The SG-3100 crash is due to a compiler optimization problem for armv6 and armv7 CPUs (like those used in the SG-1000 and SG-3100 appliances). @bmeeks has been in contact with the pfSense team about this, but so far there is no resolution posted. The only fix for now is to NOT run Suricata on SG-3100 hardware. If you do, it will continue to randomly crash with the Signal 10 Bus Error. The Signal 10 crash leaves the PID file in place, so the next time you attempt to start Suricata it will see the file remaining from the previously crashed instance and complain. The stale PID file is a symptom and not a cause in this case.

      I just wanted to see if there is any expectation that this will be resolved or if there is a workaround that doesn't involve manually removing the .pid of sacrificing functionality.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.