Project

General

Profile

Actions
Copy link

Bug #999

closed

delayed detect inits thresholds before de_ctx

Added by Victor Julien over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
2.0beta2
Affected Versions:
Effort:
Difficulty:
Label:

Description

[27393] 14/10/2013 -- 13:55:55 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2013296, gid 1: unknown rule
[27393] 14/10/2013 -- 13:55:55 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2013296, gid 1: unknown rule
[27393] 14/10/2013 -- 13:55:55 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2013659, gid 1: unknown rule
[27393] 14/10/2013 -- 13:55:55 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2001058, gid 1: unknown rule
[27393] 14/10/2013 -- 13:55:55 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2009557, gid 1: unknown rule
[27393] 14/10/2013 -- 13:55:55 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2012086, gid 1: unknown rule
[27393] 14/10/2013 -- 13:55:55 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2003614, gid 1: unknown rule
[27393] 14/10/2013 -- 13:55:55 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2009389, gid 1: unknown rule
[27393] 14/10/2013 -- 13:55:56 - (tm-threads.c:2192) <Notice> (TmThreadWaitOnThreadInit) -- all 4 packet processing threads, 3 management threads initialized, engine started.
[27393] 14/10/2013 -- 13:55:56 - (detect.c:406) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/files.rules
[27393] 14/10/2013 -- 13:56:00 - (detect.c:406) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/icmp.rules
[27393] 14/10/2013 -- 13:58:19 - (suricata.c:2139) <Notice> (main) -- Signature(s) loaded, Detect thread(s) activated.

The "suppress" errors make sense if de_ctx isn't initialized yet.

Actions
Copy link
 #1

Updated by Victor Julien over 10 years ago

It may be enough to move the threshold init call to the detect engine init, as they are closely related anyway.

Actions
Copy link
 #2

Updated by Victor Julien over 10 years ago

  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to 2.0beta2
Actions
Copy link
 #3

Updated by Victor Julien over 10 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

I've moved it into LoadSignatures.

https://github.com/inliniac/suricata/pull/591

Actions
Copy link

Also available in: Atom PDF