suricata: aborted
In some cases, suricata won't start. Starting it manually yields:
2/1/2018 -- 22:03:35 - - Including configuration dir /etc/suricata/conf.d. 2/1/2018 -- 22:03:35 - - Including configuration dir /etc/suricata/output_conf.d at parent node outputs. 2/1/2018 -- 22:03:35 - - This is Suricata version 4.0.0 RELEASE 2/1/2018 -- 22:03:35 - - CPUs/cores online: 2 2/1/2018 -- 22:03:35 - - luajit states preallocated: 128 2/1/2018 -- 22:03:35 - - 'default' server has 'request-body-minimal-inspect-size' set to 32479 and 'request-body-inspect-window' set to 4025 after randomization. 2/1/2018 -- 22:03:35 - - 'default' server has 'response-body-minimal-inspect-size' set to 40141 and 'response-body-inspect-window' set to 16688 after randomization. 2/1/2018 -- 22:03:35 - - DNS request flood protection level: 500 2/1/2018 -- 22:03:35 - - DNS per flow memcap (state-memcap): 524288 2/1/2018 -- 22:03:35 - - DNS global memcap: 16777216 2/1/2018 -- 22:03:35 - - Protocol detection and parser disabled for modbus protocol. 2/1/2018 -- 22:03:35 - - Protocol detection and parser disabled for enip protocol. 2/1/2018 -- 22:03:35 - - Protocol detection and parser disabled for DNP3. 2/1/2018 -- 22:03:35 - - NFQ running in REPEAT mode with mark 2/2 2/1/2018 -- 22:03:35 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64 2/1/2018 -- 22:03:35 - - preallocated 1000 hosts of size 84 2/1/2018 -- 22:03:35 - - host memory usage: 346144 bytes, maximum: 33554432 Aborted
This issue seems to happen only on some routers/configurations, I wasn't able to reproduce it so far.
More users reported this issue, the output is always the same.