Project

General

Profile

Actions
Copy link

Bug #1522

closed

lua-output problems with pfring

Added by Edward Fjellskål about 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

Testing "Suricata version 2.1beta4 RELEASE" on Ubuntu 14.04 using afpacket seems to work with lua-output scripts.

But testing it with pfring 6.0.3 ZC it seems to have some issues.

After around ~1500 to ~3000 http requests, the output scripts stops logging.

The default http-log also stops logging.

Killing suricata sometimes seems to need -9 when it reaches this state.

There might be more issues using lua and pfring.

Simple lua script attached that I used.

Files

nt-http-count.lua (933 Bytes) nt-http-count.lua Simple lua script Edward Fjellskål, 07/28/2015 03:52 PM
Actions
Copy link
 #1

Updated by Victor Julien almost 10 years ago

  • Priority changed from High to Normal

What happens with the regular http output when you disable the lua script?

Actions
Copy link
 #2

Updated by Victor Julien almost 10 years ago

  • Target version deleted (3.0RC1)
Actions
Copy link
 #3

Updated by Edward Fjellskål almost 10 years ago

Both the emails from redmine, gmail sent to spamfolder!

Saw this first now.

To answer your question, I would need to replicate to be 100% sure, but IIRC there was no problem with regular http output when lua was dissabled.

E

Actions
Copy link
 #4

Updated by Victor Julien about 9 years ago

  • Status changed from New to Closed
Actions
Copy link

Also available in: Atom PDF