pfsense:suricata:troubleshooting:service_starts_and_then_fails
Table of Contents
PFSense - Suricata - Troubleshooting - Service Starts and then Fails
The Suricata service starts and then stops.
Restarting the service does not help in any way and on the pfSense system logs you are shown the following errors:
12345 [101491] <Error>-[ERRCODE:SC_ERR_POOL_INIT(66)]-pool grow failed 12345 [101491] <Error>-[ERRCODE:SC_ERR_POOL_INIT(66)]-alloc error
Check Logs
Navigate to Service –> Suricata –> Logs View.
- Interface to View: Select the interface.
- Log file to view: suricata.log.
The error was:
<Error> — [ERRCODE: SC_ERR_INITIALIZATION(45)] – pid file ‘/var/run/suricata_ix047769.pid’ exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata_ix047769.pid. Aborting!
Resolution
Delete existing Suricata pid
Navigate to Diagnostics –> Command Prompt.
rm -f /var/run/suricata_ix047769.pid
NOTE: If you start Suricata now it will start again but then fail as the real issue is the Stream Memory Cap limit which you need to increase.
Navigate to Services –> Suricata –> Interfaces.
- Click on the edit icon for the interface in question.
- Select the WAN Flow/Stream tab.
In Stream Engine Settings:
- Stream Memory Cap: 268435456.
- Click Save.
NOTE: This increases memory to 256MB.
Probably need to at least double the Stream Mem Cap setting. If this fails, double again.
Navigate to Services –> Suricata –> Interfaces.
- Start the service.
pfsense/suricata/troubleshooting/service_starts_and_then_fails.txt · Last modified: 2021/01/22 22:25 by peter