BugReport_1.txt - Suricata - Open Information Security Foundation

Bug #919 » BugReport_1.txt

run log and build info - E Ermer, 08/09/2013 12:50 AM

       # suricata -c /usr/local/etc/suricata/suricata.yaml -r    /root/pcaps/defcon_18-ctf-0204_just_icmpv6.pcap
 /8/2013 -- 15:21:58 - <Info> - This is Suricata version 1.4.3 RELEASE
 /8/2013 -- 15:21:58 - <Info> - CPUs/cores online: 2
 /8/2013 -- 15:21:58 - <Info> - allocated 2097152 bytes of memory for the defrag hash... 65536 buckets of size 32
 /8/2013 -- 15:21:58 - <Info> - preallocated 65535 defrag trackers of size 104
 /8/2013 -- 15:21:58 - <Info> - defrag memory usage: 8912792 bytes, maximum: 33554432
 /8/2013 -- 15:21:58 - <Info> - AutoFP mode using default "Active Packets" flowload balancer
 /8/2013 -- 15:21:58 - <Info> - preallocated 1024 packets. Total memory 3168256
 /8/2013 -- 15:21:58 - <Info> - allocated 131072 bytes of memory for the host hash... 4096 buckets of size 32
 /8/2013 -- 15:21:58 - <Info> - preallocated 1000 hosts of size 76
 /8/2013 -- 15:21:58 - <Info> - host memory usage: 207072 bytes, maximum: 16777216
 /8/2013 -- 15:21:58 - <Info> - allocated 2097152 bytes of memory for the flow hash... 65536 buckets of size 32
 /8/2013 -- 15:21:58 - <Info> - preallocated 10000 flows of size 192
 /8/2013 -- 15:21:58 - <Info> - flow memory usage: 4017152 bytes, maximum: 33554432
 /8/2013 -- 15:21:58 - <Info> - IP reputation disabled
 /8/2013 -- 15:21:58 - <Info> - Added "34" classification types from the classification file
 /8/2013 -- 15:21:58 - <Info> - Added "12" reference types from the reference.config file
 /8/2013 -- 15:21:58 - <Info> - using magic-file /usr/share/file/magic
 /8/2013 -- 15:21:59 - <Info> - Delayed detect disabled
 /8/2013 -- 15:21:59 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /usr/local/etc/suricata/rules/ciarmy.rules
 /8/2013 -- 15:22:00 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /usr/local/etc/suricata/rules/emerging-icmp.rules
 /8/2013 -- 15:22:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /usr/local/etc/suricata/rules/emerging-virus.rules: No such file or directory.
 /8/2013 -- 15:22:09 - <Info> - 50 rule files processed. 13601 rules successfully loaded, 0 rules failed
 /8/2013 -- 15:22:49 - <Info> - 13609 signatures processed. 1007 are IP-only rules, 4140 are inspecting packet payload, 10241 inspect application layer, 83 are decoder event only
 /8/2013 -- 15:22:49 - <Info> - building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
 /8/2013 -- 15:22:51 - <Info> - building signature grouping structure, stage 2: building source address list... complete
 /8/2013 -- 15:23:01 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
 /8/2013 -- 15:23:03 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - signature sid:2520758 has an event var set.  The signature event var is given precedence over the threshold.conf one.  We'll change this in the future though.
 /8/2013 -- 15:23:03 - <Info> - Threshold config parsed: 1 rule(s) found
 /8/2013 -- 15:23:03 - <Info> - Core dump size set to unlimited.
 /8/2013 -- 15:23:03 - <Info> - fast output device (regular) initialized: fast.log
 /8/2013 -- 15:23:03 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
 /8/2013 -- 15:23:03 - <Info> - http-log output device (regular) initialized: http.log
 /8/2013 -- 15:23:03 - <Info> - tls-log output device (regular) initialized: tls.log
 /8/2013 -- 15:23:03 - <Info> - reading pcap file /root/pcaps/defcon_18-ctf-0204_just_icmpv6.pcap
 /8/2013 -- 15:23:03 - <Info> - using magic-file /usr/share/file/magic
 /8/2013 -- 15:23:03 - <Info> - returning 0xb32fffd0
 /8/2013 -- 15:23:03 - <Info> - using magic-file /usr/share/file/magic
 /8/2013 -- 15:23:03 - <Info> - returning 0xb16fffd0
 /8/2013 -- 15:23:03 - <Info> - using magic-file /usr/share/file/magic
 /8/2013 -- 15:23:03 - <Info> - returning 0xbb26b58
 /8/2013 -- 15:23:03 - <Info> - stream "max-sessions": 262144
 /8/2013 -- 15:23:03 - <Info> - stream "prealloc-sessions": 32768
 /8/2013 -- 15:23:03 - <Info> - stream "memcap": 33554432
 /8/2013 -- 15:23:03 - <Info> - stream "midstream" session pickups: disabled
 /8/2013 -- 15:23:03 - <Info> - stream "async-oneside": disabled
 /8/2013 -- 15:23:03 - <Info> - stream "checksum-validation": enabled
 /8/2013 -- 15:23:03 - <Info> - stream."inline": disabled
 /8/2013 -- 15:23:03 - <Info> - stream.reassembly "memcap": 67108864
 /8/2013 -- 15:23:03 - <Info> - stream.reassembly "depth": 1048576
 /8/2013 -- 15:23:03 - <Info> - stream.reassembly "toserver-chunk-size": 2560
 /8/2013 -- 15:23:03 - <Info> - stream.reassembly "toclient-chunk-size": 2560
 /8/2013 -- 15:23:03 - <Info> - all 4 packet processing threads, 3 management threads initialized, engine started.
       suricata: detect.c:1760: Detect: Assertion `!((p)->icmpv6h == ((void *)0))' failed.
       Aborted (core dumped)
       ]# suricata --build-info
       This is Suricata version 1.4.3 RELEASE
       Features: DEBUG DEBUG_VALIDATION UNITTESTS PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW
 -bits, Little-endian architecture
       GCC version 4.4.7 20120313 (Red Hat 4.4.7-3), C version 199901
         __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
         __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
         __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
         __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
       compiled with libhtp 0.2.13, linked against 0.2.13
       Suricata Configuration:
         AF_PACKET support:                       yes
         PF_RING support:                         no
         NFQueue support:                         no
         IPFW support:                            no
         DAG enabled:                             no
         Napatech enabled:                        no
         Unix socket enabled:                     no
         libnss support:                          no
         libnspr support:                         no
         libjansson support:                      no
         Prelude support:                         no
         PCRE jit:                                no
         libluajit:                               no
         libgeoip:                                no
         Non-bundled htp:                         no
         Old barnyard2 support:                   no
         CUDA enabled:                            no
         Suricatasc install:                      yes
         Unit tests enabled:                      yes
         Debug output enabled:                    yes
         Debug validation enabled:                yes
         Profiling enabled:                       no
         Profiling locks enabled:                 no
       Generic build parameters:
         Installation prefix (--prefix):          /usr/local
         Configuration directory (--sysconfdir):  /usr/local/etc/suricata/
         Log directory (--localstatedir) :        /usr/local/var/log/suricata/
         Host:                                    i686-pc-linux-gnu
         GCC binary:                              gcc
         GCC Protect enabled:                     no
         GCC march native enabled:                yes
         GCC Profile enabled:                     no

« Previous
1
2
Next »

(1-1/2)

Project

General

Profile

Suricata

Bug #919 » BugReport_1.txt