Support #1850
closedFile I/O in lua script
Description
What is the suggested way to do the file I/O in lua scripts? I encounter the following problems :
(1) suricata will report too many files are opened;
(2) files cannot be opened for some times;
(3) after rules are reloaded, suricata will hang about an hour later; and
(4) the opened files are closed when exit, the lua script does not run any more.
Thank you.
Files
Updated by Andreas Herz almost 8 years ago
Can you share more details about your scripts?
Do you get any error messages?
And "how" does suricata hang in case (3)?
Updated by Samiux A almost 8 years ago
- File cryptxxx_urls.lua cryptxxx_urls.lua added
The error message for case(1) is :
<Error> - [ERRCODE: SC_ERR_LIBNET_INIT(144)] - libnet_init failed: libnet_open_raw4(): SOCK_RAW allocation failed: Too many open files
<Info> - Cleaning socket connected to 'enp1s0f1'
For case(3), suricata process is very high (up to over 500) under "glances" and the internet connection will be dropped.
Attach please find the script.
Updated by Samiux A almost 8 years ago
I think I solved the problem. It is my bad coding script.
Please close this ticket. Thanks.
Updated by Samiux A almost 8 years ago
Sorry, case(1) still happens. Any idea to handle opening and closing files inside the lua script?
Updated by Samiux A almost 8 years ago
For case(1), I use a workaround method to overcome the problem. However, I do not know if there is a better way to do so.
Updated by Victor Julien over 7 years ago
- Status changed from New to Closed
There is an example here: https://gist.github.com/inliniac/083dd01b3c4ce91180448b45d7d6e35d