Project

General

Profile

Actions

Bug #73

closed

Daemon mode generates more info than non-daemon mode on CentOS.

Added by Will Metcalf almost 15 years ago. Updated almost 15 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

On CentOS 5 running the engine with -D actually prints all Info and Error messages to the console. Additionally it prints it to every open console which results in more info actually being printed to the screen in Daemon mode than in non-Daemon mode. Actually quite hard to kill the engine on a busy network under these conditions.

Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2471) <Info> (SigAddressPrepareStage3) -- MPM memory 577442574 (dynamic 577350366, ctxs 92208, avg per ctx 303230)
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2473) <Info> (SigAddressPrepareStage3) -- max sig id 8143, array size 1018
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2474) <Info> (SigAddressPrepareStage3) -- signature group heads: unique 2948, copies 20750.
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2476) <Info> (SigAddressPrepareStage3) -- MPM instances: 1904 unique, copies 1044 (none 0).
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2478) <Info> (SigAddressPrepareStage3) -- MPM (URI) instances: 17 unique, copies 2931 (none 0).
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2479) <Info> (SigAddressPrepareStage3) -- MPM max patcnt 4824, avg 1333
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2481) <Info> (SigAddressPrepareStage3) -- MPM (URI) max patcnt 4186, avg 20517 (348790/17)
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2482) <Info> (SigAddressPrepareStage3) -- port maxgroups: 81, avg 45, tot 11105
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2483) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... done
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (alert-fastlog.c:231) <Info> (AlertFastLogInitCtx) -- Fast log output registered, filename: fast.log


Files

Actions #1

Updated by Jason Ish almost 15 years ago

Something to consider here is if we want daemon mode to respect the logging that is configured in suricata.yaml (perhaps disabling console output if its on) or setup its own. The patch I have out there to make logging respect the configuration file does not handle the daemon case where its own logging configuration is installed.

Updated by Jason Ish almost 15 years ago

These patches had no intention of solving this issue, but they do.. Just turn on syslog in the config file rather than having daemon mode do it for you.

Actions #3

Updated by Will Metcalf almost 15 years ago

  • Assignee changed from OISF Dev to Jason Ish
Actions #4

Updated by Will Metcalf almost 15 years ago

  • Status changed from New to Assigned
Actions #5

Updated by Jason Ish almost 15 years ago

  • Status changed from Assigned to Resolved

Should be fixed in current master.

Actions #6

Updated by Victor Julien almost 15 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF