Bug #73
closedDaemon mode generates more info than non-daemon mode on CentOS.
Description
On CentOS 5 running the engine with -D actually prints all Info and Error messages to the console. Additionally it prints it to every open console which results in more info actually being printed to the screen in Daemon mode than in non-Daemon mode. Actually quite hard to kill the engine on a busy network under these conditions.
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2471) <Info> (SigAddressPrepareStage3) -- MPM memory 577442574 (dynamic 577350366, ctxs 92208, avg per ctx 303230)
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2473) <Info> (SigAddressPrepareStage3) -- max sig id 8143, array size 1018
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2474) <Info> (SigAddressPrepareStage3) -- signature group heads: unique 2948, copies 20750.
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2476) <Info> (SigAddressPrepareStage3) -- MPM instances: 1904 unique, copies 1044 (none 0).
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2478) <Info> (SigAddressPrepareStage3) -- MPM (URI) instances: 17 unique, copies 2931 (none 0).
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2479) <Info> (SigAddressPrepareStage3) -- MPM max patcnt 4824, avg 1333
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2481) <Info> (SigAddressPrepareStage3) -- MPM (URI) max patcnt 4186, avg 20517 (348790/17)
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2482) <Info> (SigAddressPrepareStage3) -- port maxgroups: 81, avg 45, tot 11105
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2483) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... done
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (alert-fastlog.c:231) <Info> (AlertFastLogInitCtx) -- Fast log output registered, filename: fast.log
Files
Updated by Jason Ish about 14 years ago
Something to consider here is if we want daemon mode to respect the logging that is configured in suricata.yaml (perhaps disabling console output if its on) or setup its own. The patch I have out there to make logging respect the configuration file does not handle the daemon case where its own logging configuration is installed.
Updated by Jason Ish about 14 years ago
- File 0001-Making-logging-configurable.-If-no-logging-outputs-a.patch 0001-Making-logging-configurable.-If-no-logging-outputs-a.patch added
- File 0002-I-know-Snort-defaults-to-syslog-in-daemon-mode-but-s.patch 0002-I-know-Snort-defaults-to-syslog-in-daemon-mode-but-s.patch added
These patches had no intention of solving this issue, but they do.. Just turn on syslog in the config file rather than having daemon mode do it for you.
Updated by Will Metcalf about 14 years ago
- Assignee changed from OISF Dev to Jason Ish
Updated by Jason Ish about 14 years ago
- Status changed from Assigned to Resolved
Should be fixed in current master.
Updated by Victor Julien about 14 years ago
- Status changed from Resolved to Closed