I migrated my pfsense to a new hardware these days. Now it’s a i5-8365U based mini-computer with 4 Cores (+HT) and 8 RJ-45 Ports in a passively cooled setup. My former hardware had only one RJ-45 Port with a lot with VLANs. And this is where a little problem started – suricata did not start after the migration.<\/p>\n\n\n\n
The cause:<\/strong><\/p>\n\n\n\n The default allocated memory is too low for a machine capable doing 8 threads. So the suricata start fails with:<\/p>\n\n\n\n Resolution:<\/strong><\/p>\n\n\n\n Navigate to „Diagnostics“ => „Command prompt“ and type in<\/p>\n\n\n\n and click „execute“. This removes potential orphaned PID-files.<\/p>\n\n\n\n Now navigate to „Services“ => Suricata => „{the_interface}“ => edit => „WAN\/Flow Stream“ and increase two values:<\/p>\n\n\n\n Section „Flow Manager Settings“ <\/strong><\/p>\n\n\n\n Flow Memory Cap : 335544320<\/p>\n\n\n\n Section „Stream Engine Settings“ <\/strong><\/p>\n\n\n\n Stream Memory Cap: 671088640<\/p>\n\n\n\n I just added a zero at the end of the numbers so the above numbers are already the increased values. Make sure you adjust the above settings for every <\/em>interface you want suricata to protect.<\/p>\n\n\n\n That’s it – start suricata and you’re all set.<\/p>\n\n\n\n Thanks for watching.<\/p>\n","protected":false},"excerpt":{"rendered":" I migrated my pfsense to a new hardware these days. Now it’s a i5-8365U based mini-computer with 4 Cores (+HT) and 8 RJ-45 Ports in a passively cooled setup. My former hardware had only one RJ-45 Port with a lot with VLANs. And this is where a little problem started – suricata did not start… Weiterlesen »pfSense – Suricata fails<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[1,6],"tags":[],"class_list":["post-1259","post","type-post","status-publish","format-standard","hentry","category-beitrag","category-technik"],"_links":{"self":[{"href":"https:\/\/www.boettrich.info\/blog\/wp-json\/wp\/v2\/posts\/1259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.boettrich.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.boettrich.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.boettrich.info\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.boettrich.info\/blog\/wp-json\/wp\/v2\/comments?post=1259"}],"version-history":[{"count":8,"href":"https:\/\/www.boettrich.info\/blog\/wp-json\/wp\/v2\/posts\/1259\/revisions"}],"predecessor-version":[{"id":1269,"href":"https:\/\/www.boettrich.info\/blog\/wp-json\/wp\/v2\/posts\/1259\/revisions\/1269"}],"wp:attachment":[{"href":"https:\/\/www.boettrich.info\/blog\/wp-json\/wp\/v2\/media?parent=1259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.boettrich.info\/blog\/wp-json\/wp\/v2\/categories?post=1259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.boettrich.info\/blog\/wp-json\/wp\/v2\/tags?post=1259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}14\/4\/2021 -- 20:56:31 - <Error> -- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error<\/code><\/p>\n\n\n\n14\/4\/20219 -- 20:56:31 - <Error> -- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed<\/code><\/p>\n\n\n\n rm -f \/var\/run\/suricata_*<\/code><\/p>\n\n\n\n