Bug #2703
closedDownload Timeout
Added by Kenneth Kolano over 7 years ago. Updated about 7 years ago.
Description
If downloads fail it seems Suricata-Update can hang. For instance, a DL stuck at 99% here has left an update hung for >30min.
2018-11-21 23:45:21,436 - <INFO> - Fetching https://rules.emergingthreats.net/blockrules/emerging-tor.suricata.rules. 99% - 475136/476129
This effects the 1.0.0 release bundled in Suricata, though that seems to be missing from the "Affected Versions" drop down here.
JI Updated by Jason Ish over 7 years ago Actions #1
- Tracker changed from Feature to Bug
- Affected Versions 1.0.0 added
SB Updated by Shivani Bhardwaj over 7 years ago Actions #2
- Assignee changed from Jason Ish to Shivani Bhardwaj
KK Updated by Kenneth Kolano over 7 years ago Actions #3
A repeated case of this did seem to timeout today...
2018-11-29 20:00:17,283 - <INFO> - Fetching https://rules.emergingthreats.net/open/suricata-4.1.0/emerging.rules.tar.gz. 99% - 2293760/2303298 ERROR!: Suricata-Update timed out, retrying.
...unclear what differentiated this run from the one that hung.
JI Updated by Jason Ish over 7 years ago Actions #4
It doesn't look liks this error message:
ERROR!: Suricata-Update timed out, retrying.
Are you running it in some wrapper that may timeout and kill the app itself?
I'm also curious why you are timing out on this rule source? Is it a usual occurrence? Does it ever successfully complete?
KK Updated by Kenneth Kolano over 7 years ago Actions #5
Ah yes, sorry, that timeout is from the "timeout" command I added to ensure Suricata-Update updates didn't just remain hung...
timeout 15m sudo suricata-update
Updates do usually complete successfully, but I sometimes see these odd hangs occur.
I have been seeing some networking issue unrelated to Suricata with installs of Ubuntu 16 on a Virtualbox VM. Where some DNS queries arbitrarily seem to fail. Revising to using Google DNS rather than my ISPs seemed to resolve most of that, but I suspect something related to that is still broken and may be cropping up here.
In any case, it seems Suricata-Update may need to better account for these sorts of download failures to avoid becoming hung up.
JI Updated by Jason Ish over 7 years ago Actions #6
Yes, its currently being investigated and worked on.
KK Updated by Kenneth Kolano over 7 years ago Actions #7
Suricata events also seem to indicate someone may be attempting to DOS the box these VMs are running on at times, which may be related to the network failures.
SERVER-OTHER Cisco NetFlow Generation Appliance SCTP denial of service attempt SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt PROTOCOL-VOIP Cisco Expressway and TelePresence VCS denial of service attempt
VJ Updated by Victor Julien over 7 years ago Actions #8
- Target version changed from 1.0.1 to TBD
SB Updated by Shivani Bhardwaj over 7 years ago Actions #9
- Status changed from New to Assigned
SB Updated by Shivani Bhardwaj about 7 years ago Actions #10
- Status changed from Assigned to Feedback
SB Updated by Shivani Bhardwaj about 7 years ago Actions #11
- Status changed from Feedback to Closed
SB Updated by Shivani Bhardwaj about 7 years ago Actions #12
SB Updated by Shivani Bhardwaj about 7 years ago Actions #13
- Affected Versions 1.0.5 added
- Affected Versions deleted (
1.0.0)
SB Updated by Shivani Bhardwaj about 7 years ago Actions #14
- Target version changed from TBD to 1.0.5
- Affected Versions 1.0.0 added
- Affected Versions deleted (
1.0.5)