Bug #2703
closedDownload Timeout
Description
If downloads fail it seems Suricata-Update can hang. For instance, a DL stuck at 99% here has left an update hung for >30min.
2018-11-21 23:45:21,436 - <INFO> - Fetching https://rules.emergingthreats.net/blockrules/emerging-tor.suricata.rules. 99% - 475136/476129
This effects the 1.0.0 release bundled in Suricata, though that seems to be missing from the "Affected Versions" drop down here.
JI Updated by Jason Ish over 7 years ago
- Tracker changed from Feature to Bug
- Affected Versions 1.0.0 added
SB Updated by Shivani Bhardwaj over 7 years ago
- Assignee changed from Jason Ish to Shivani Bhardwaj
KK Updated by Kenneth Kolano over 7 years ago
A repeated case of this did seem to timeout today...
2018-11-29 20:00:17,283 - <INFO> - Fetching https://rules.emergingthreats.net/open/suricata-4.1.0/emerging.rules.tar.gz. 99% - 2293760/2303298 ERROR!: Suricata-Update timed out, retrying.
...unclear what differentiated this run from the one that hung.
JI Updated by Jason Ish over 7 years ago
It doesn't look liks this error message:
ERROR!: Suricata-Update timed out, retrying.
Are you running it in some wrapper that may timeout and kill the app itself?
I'm also curious why you are timing out on this rule source? Is it a usual occurrence? Does it ever successfully complete?
KK Updated by Kenneth Kolano over 7 years ago
Ah yes, sorry, that timeout is from the "timeout" command I added to ensure Suricata-Update updates didn't just remain hung...
timeout 15m sudo suricata-update
Updates do usually complete successfully, but I sometimes see these odd hangs occur.
I have been seeing some networking issue unrelated to Suricata with installs of Ubuntu 16 on a Virtualbox VM. Where some DNS queries arbitrarily seem to fail. Revising to using Google DNS rather than my ISPs seemed to resolve most of that, but I suspect something related to that is still broken and may be cropping up here.
In any case, it seems Suricata-Update may need to better account for these sorts of download failures to avoid becoming hung up.
JI Updated by Jason Ish over 7 years ago
Yes, its currently being investigated and worked on.
KK Updated by Kenneth Kolano over 7 years ago
Suricata events also seem to indicate someone may be attempting to DOS the box these VMs are running on at times, which may be related to the network failures.
SERVER-OTHER Cisco NetFlow Generation Appliance SCTP denial of service attempt SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt PROTOCOL-VOIP Cisco Expressway and TelePresence VCS denial of service attempt
VJ Updated by Victor Julien over 7 years ago
- Target version changed from 1.0.1 to TBD
SB Updated by Shivani Bhardwaj about 7 years ago
- Status changed from New to Assigned
SB Updated by Shivani Bhardwaj about 7 years ago
- Status changed from Assigned to Feedback
SB Updated by Shivani Bhardwaj about 7 years ago
- Status changed from Feedback to Closed
SB Updated by Shivani Bhardwaj about 7 years ago
SB Updated by Shivani Bhardwaj about 7 years ago
- Affected Versions 1.0.5 added
- Affected Versions deleted (
1.0.0)
SB Updated by Shivani Bhardwaj about 7 years ago
- Target version changed from TBD to 1.0.5
- Affected Versions 1.0.0 added
- Affected Versions deleted (
1.0.5)