Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata Parse Error (solved)

    Scheduled Pinned Locked Moved IDS/IPS
    2 Posts 1 Posters 757 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • NollipfSenseN
      NollipfSense
      last edited by NollipfSense

      Got this Suricata error in Suricata log:

      28/7/2019 -- 13:15:05 - <Notice> -- This is Suricata version 4.1.4 RELEASE
      28/7/2019 -- 13:15:05 - <Info> -- CPUs/cores online: 8
      28/7/2019 -- 13:15:05 - <Info> -- HTTP memcap: 67108864
      28/7/2019 -- 13:15:05 - <Notice> -- using flow hash instead of active packets
      28/7/2019 -- 13:15:05 - <Info> -- Netmap: Setting IPS mode
      28/7/2019 -- 13:15:05 - <Error> -- [ERRCODE: SC_ERR_PCRE_MATCH(2)] - invalid size argument - 33,554,432. Valid size argument should be in the format -
      xxx <- indicates it is just bytes
      xxxkb or xxxKb or xxxKB or xxxkB <- indicates kilobytes
      xxxmb or xxxMb or xxxMB or xxxmB <- indicates megabytes
      xxxgb or xxxGb or xxxGB or xxxgB <- indicates gigabytes.

      28/7/2019 -- 13:15:05 - <Error> -- [ERRCODE: SC_ERR_SIZE_PARSE(198)] - Error parsing defrag.memcap from conf file - 33,554,432. Killing engine

      However, IP Defragmentation
      Fragmentation Memory Cap
      33,554,432
      Max memory to be used for defragmentation. Default is 33,554,432 bytes (32 MB). Sets the maximum amount of memory, in bytes, to be used by the IP defragmentation engine.

      So, I am not understanding why I am getting the error and what to do to correct this. I am using Intel i350 NIC. Flow stream set to 512MB for the 8 core.

      pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
      pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

      1 Reply Last reply Reply Quote 0
      • NollipfSenseN
        NollipfSense
        last edited by

        @NollipfSense said in Suricata Parse Error:

        <Error> -- [ERRCODE: SC_ERR_SIZE_PARSE(198)] - Error parsing defrag.memcap from conf file - <Error> -- [ERRCODE: SC_ERR_SIZE_PARSE(198)] - Error parsing defrag.memcap from conf file - 33,554,432. Killing engine.

        Well, this is a little embarrassing however, I got the issue fixed and it's right here (33,554,432)...should have been 33554432. Suricata now runs in inline mode.

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.