Bug #624

closed

Latest git not starting in daemon mode

Added by Peter Manev over 11 years ago. Updated over 11 years ago.

Status: Closed
Priority: Normal

Description

Hi,
Starting Suricata like:

sudo /usr/local/bin/suricata -c /etc/suricata/regit-yaml/suricata-20120912.yaml --af-packet=eth3 -D

Then in the suricata.log file:

[15253] 11/11/2012 -- 15:44:23 - (defrag-hash.c:203) <Info> (DefragInitConfig) -- allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
[15253] 11/11/2012 -- 15:44:23 - (defrag-hash.c:228) <Info> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 144
[15253] 11/11/2012 -- 15:44:23 - (defrag-hash.c:235) <Info> (DefragInitConfig) -- defrag memory usage: 9666416 bytes, maximum: 16777216
[15253] 11/11/2012 -- 15:44:23 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow load balancer
[15254] 11/11/2012 -- 15:44:23 - (util-pidfile.c:56) <Error> (SCPidfileCreate) -- [ERRCODE: SC_ERR_PIDFILE_OPEN(152)] - unable to set pidfile: No such file or directory

This is with the latest git -

suricata --build-info
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:540) <Info> (SCPrintBuildInfo) -- This is Suricata version 1.4dev (rev 7293040)
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:613) <Info> (SCPrintBuildInfo) -- Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW HAVE_NSS
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:627) <Info> (SCPrintBuildInfo) -- 64-bits, Little-endian architecture
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:629) <Info> (SCPrintBuildInfo) -- GCC version 4.6.3, C version 199901
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:635) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:638) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:641) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:644) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:647) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:651) <Info> (SCPrintBuildInfo) -- compiled with -fstack-protector
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:657) <Info> (SCPrintBuildInfo) -- compiled with _FORTIFY_SOURCE=2
[15315] 11/11/2012 -- 15:48:32 - (suricata.c:660) <Info> (SCPrintBuildInfo) -- compiled with libhtp 0.2.10, linked against 0.2.10

If I use this startup command instead:

sudo /usr/local/bin/suricata -c /etc/suricata/regit-yaml/suricata-20120912.yaml --af-packet=eth3

aka no daemon mode - it starts fine.

On an earlier git version:

suricata --build-info
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:540) <Info> (SCPrintBuildInfo) -- This is Suricata version 1.4dev (rev 02874a1)
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:613) <Info> (SCPrintBuildInfo) -- Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW HAVE_NSS
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:627) <Info> (SCPrintBuildInfo) -- 64-bits, Little-endian architecture
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:629) <Info> (SCPrintBuildInfo) -- GCC version 4.6.3, C version 199901
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:635) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:638) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:641) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:644) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:647) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:651) <Info> (SCPrintBuildInfo) -- compiled with -fstack-protector
[5920] 11/11/2012 -- 15:24:57 - (suricata.c:657) <Info> (SCPrintBuildInfo) -- compiled with _FORTIFY_SOURCE=2

both commands:

sudo /usr/local/bin/suricata -c /etc/suricata/regit-yaml/suricata-20120912.yaml --af-packet=eth3
sudo /usr/local/bin/suricata -c /etc/suricata/regit-yaml/suricata-20120912.yaml --af-packet=eth3 -D

work fine

The configure line is:

./configure --enable-pfring --with-libpfring-includes=/usr/local/pfring/include \
--with-libpfring-libraries=/usr/local/pfring/lib \
--with-libpcap-includes=/usr/local/pfring/include \
--with-libpcap-libraries=/usr/local/pfring/lib \
--with-libnss-libraries=/usr/lib \
--with-libnss-includes=/usr/include/nss/ \
--with-libnspr-libraries=/usr/lib \
--with-libnspr-includes=/usr/include/nspr

thanks
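
A small triage helper for the log format shown in this report, added here as an example and not part of the original ticket or of Suricata: it parses each line, returns the Error-level entries with their ERRCODE name and number, and marks whether the entry's PID differs from the first one logged. Reading that PID change (15253 to 15254 in the excerpt) as the `-D` fork is an assumption; the sample lines are copied from the excerpt above.

```python
import re
from collections import namedtuple

# Layout as it appears in the report:
# [pid] d/m/Y -- H:M:S - (file.c:line) <Level> (Function) -- message
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)\] \d{1,2}/\d{1,2}/\d{4} -- \d{2}:\d{2}:\d{2}"
    r" - \((?P<src>[^:()]+):\d+\) <(?P<level>\w+)> \((?P<func>\w+)\) -- (?P<msg>.*)$"
)
ERRCODE_RE = re.compile(r"\[ERRCODE: (?P<name>\w+)\((?P<num>\d+)\)\] - (?P<text>.*)")

Record = namedtuple("Record", "pid level src func msg")
Finding = namedtuple("Finding", "pid after_fork func code num text")

def parse(lines):
    """Yield a Record for every line that matches the layout; skip the rest."""
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m:
            yield Record(int(m["pid"]), m["level"], m["src"], m["func"], m["msg"])

def startup_errors(lines):
    """Return Error-level entries. after_fork is True when the entry's PID
    differs from the first PID logged (assumed here to mean the -D child)."""
    findings, first_pid = [], None
    for rec in parse(lines):
        if first_pid is None:
            first_pid = rec.pid
        if rec.level != "Error":
            continue
        m = ERRCODE_RE.match(rec.msg)
        code, num, text = (m["name"], int(m["num"]), m["text"]) if m else (None, None, rec.msg)
        findings.append(Finding(rec.pid, rec.pid != first_pid, rec.func, code, num, text))
    return findings

# Lines copied from the suricata.log excerpt in the report (wraps joined).
SAMPLE = [
    '[15253] 11/11/2012 -- 15:44:23 - (defrag-hash.c:235) <Info> (DefragInitConfig) -- defrag memory usage: 9666416 bytes, maximum: 16777216',
    '[15253] 11/11/2012 -- 15:44:23 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow load balancer',
    '[15254] 11/11/2012 -- 15:44:23 - (util-pidfile.c:56) <Error> (SCPidfileCreate) -- [ERRCODE: SC_ERR_PIDFILE_OPEN(152)] - unable to set pidfile: No such file or directory',
]

if __name__ == "__main__":
    for f in startup_errors(SAMPLE):
        print(f)
```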

Actions #1

Updated by Victor Julien over 11 years ago

  • Status changed from New to Assigned
  • Assignee set to Eric Leblond
  • Target version set to 1.4beta3
Actions #2

Updated by Eric Leblond over 11 years ago

This problem is linked with the latest daemon change. I propose the following:
- verbose error in ERROR mode but no exit
- second error message telling that no pid file will be disabled in the 1.5 release.

Actions #3

Updated by Eric Leblond over 11 years ago

  • % Done changed from 0 to 80
Actions #4

Updated by Victor Julien over 11 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 80 to 100