Bug #7710

open

Suricata Shutting Down Due to Queue Issue

Added by Kent Kasten 3 days ago. Updated 2 days ago.

Status: New
Priority: High

Description

I have tried several times to start up Suricata, but it shuts down each time within 30-45 seconds with the following error:

2025-05-16T15:58:56 Error suricata [100455] <Error> -- Just ran out of space in the queue. Please file a bug report on this

My firewall device = DEC3862
OPNSense Version: 25.4-amd64 (Business Edition)
FreeBSD = 14.2-RELEASE-p2
OpenSSL = 3.0.16


Files

suricata.log (5.21 KB), Intrusion Detection Log File, Kent Kasten, 05/17/2025 02:50 PM

Related issues 1 (1 open, 0 closed)

Related to Suricata - Bug #7678: Just ran out of space in the queue (New, OISF Dev)

#1

Updated by Victor Julien 2 days ago

As a workaround, I think you could consider using a different `mpm-algo`: hyperscan (hs) is best if it has been compiled in.

You could try `ac-ks` or `ac-bs`.

#2

Updated by Victor Julien 2 days ago

  • Related to Bug #7678: Just ran out of space in the queue added

#3

Updated by Kent Kasten 2 days ago

Victor Julien wrote in #note-1:

> As a workaround, I think you could consider using a different `mpm-algo`: hyperscan (hs) is best if it has been compiled in.
>
> You could try `ac-ks` or `ac-bs`.

As a newbie to OPNsense, I think part of the problem was that somehow I created "User Defined" rules (about 500 of them). Since there is no way to delete rules en masse (developer hint), I created a system backup and edited the XML file to pull out all the rules. Then I did a factory reset and reloaded the configuration. When I reloaded the config, I also set the "Pattern Matcher" to "Hyperscan" and it seems to be working without issue. It has been up and running for more than 2.5 hours without shutting down the IDS.
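
The workaround from note-1, as an added example that is not part of the ticket or the Suricata project's own code: a shell helper that reads `suricata --build-info` output and the configured `mpm-algo`, and reports whether to switch to `hs` or fall back to `ac-ks`. The function names, file names and sample inputs are constructed for illustration; on OPNsense the same setting is the "Pattern Matcher" option the reporter mentions.

```shell
#!/bin/sh
# Added example (not from the Suricata project): pick an mpm-algo per note-1.

# Read `suricata --build-info` text on stdin; print "hs" when Hyperscan is
# compiled in, otherwise "ac-ks", the first fallback named in the thread.
pick_mpm_algo() {
    if grep -Eiq '^[[:space:]]*Hyperscan support:[[:space:]]*yes'; then
        echo hs
    else
        echo ac-ks
    fi
}

# Print the active (uncommented, top-level) mpm-algo value in a suricata.yaml.
current_mpm_algo() {
    sed -n 's/^mpm-algo:[[:space:]]*\([A-Za-z-]*\).*/\1/p' "$1" | head -n 1
}

# advise BUILD_INFO_FILE YAML_FILE: say whether the config needs changing.
advise() {
    want=$(pick_mpm_algo < "$1")
    have=$(current_mpm_algo "$2")
    if [ "$have" = "$want" ]; then
        echo "ok: mpm-algo is already $have"
    else
        echo "change: mpm-algo ${have:-unset} -> $want"
    fi
}

# Constructed sample inputs so the script runs offline. On a live system use:
#   suricata --build-info > build-info.txt   and the real suricata.yaml path.
demo_dir=$(mktemp -d)
printf '  Hyperscan support:                       yes\n' > "$demo_dir/hs.txt"
printf '  Hyperscan support:                       no\n'  > "$demo_dir/nohs.txt"
printf '# mpm-algo: hs\nmpm-algo: ac\n' > "$demo_dir/suricata.yaml"

advise "$demo_dir/hs.txt"   "$demo_dir/suricata.yaml"
advise "$demo_dir/nohs.txt" "$demo_dir/suricata.yaml"
```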
