Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata 4.1.6 crashes when starting Interfaces

    Scheduled Pinned Locked Moved
    IDS/IPS
    suricata crashing pfsense 2.4.4
    2
    4
    1.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Goeddie95
      last edited by

      Hey Guys,

      I have two same servers running pfSense. One is runnig fine and everything works well but the other with the same hardware will not start Suricata.

      Is there an issue with the squid proxy filter in combination with Suricata ?

      When i try to start Suricata on my firewall after a few seconds it will be killed...

      here is my suricata.log

      5/1/2020 -- 19:22:24 - <Notice> -- This is Suricata version 4.1.6 RELEASE
5/1/2020 -- 19:22:24 - <Info> -- CPUs/cores online: 8
5/1/2020 -- 19:22:24 - <Info> -- HTTP memcap: 67108864
5/1/2020 -- 19:22:24 - <Notice> -- using flow hash instead of active packets
5/1/2020 -- 19:22:24 - <Info> -- fast output device (regular) initialized: alerts.log
5/1/2020 -- 19:22:24 - <Info> -- http-log output device (regular) initialized: http.log
5/1/2020 -- 19:22:24 - <Info> -- stats output device (regular) initialized: stats.log
5/1/2020 -- 19:22:28 - <Info> -- 1 rule files processed. 20808 rules successfully loaded, 0 rules failed
5/1/2020 -- 19:22:28 - <Info> -- Threshold config parsed: 0 rule(s) found
5/1/2020 -- 19:22:28 - <Info> -- 20811 signatures processed. 1100 are IP-only rules, 4822 are inspecting packet payload, 16707 inspect application layer, 103 are decoder event only
5/1/2020 -- 19:22:40 - <Info> -- Using 1 live device(s).
5/1/2020 -- 19:22:40 - <Info> -- using interface bge3
5/1/2020 -- 19:22:40 - <Info> -- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
5/1/2020 -- 19:22:40 - <Info> -- Set snaplen to 1518 for 'bge3'
5/1/2020 -- 19:22:40 - <Error> -- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
5/1/2020 -- 19:22:40 - <Error> -- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed
5/1/2020 -- 19:22:40 - <Error> -- [ERRCODE: SC_ERR_MEM_ALLOC(1)] - failed to setup/expand stream session pool. Expand stream.memcap?
5/1/2020 -- 19:22:40 - <Info> -- RunModeIdsPcapAutoFp initialised
5/1/2020 -- 19:22:40 - <Error> -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "W#08" failed to initialize: flags 0145
5/1/2020 -- 19:22:40 - <Error> -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
      1 Reply Last reply Reply Quote 0
      • kiokomanK
        kiokoman LAYER 8
        last edited by kiokoman

        @Goeddie95 said in Suricata 4.1.6 crashes when starting Interfaces:

        Expand stream.memcap?

        with 8 cpu core
        increase the Stream Memcap value on the FLOW/STREAM tab (inside interface) to at least 256 MB and try to start again, increse that value until it run

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        G 2 Replies Last reply Reply Quote 1
        • G
          Goeddie95 @kiokoman
          last edited by

          @kiokoman

          Thx for the quick reply! :)

          I will try it and let u know if it’s working.

          1 Reply Last reply Reply Quote 0
          • G
            Goeddie95 @kiokoman
            last edited by

            @kiokoman

            THX! System is up and running :)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post