Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.
Input.py and profiler.py sometimes declare that they're done and slips still doesn't shut down gracefully #1021
This happens randomly when analyzing large pcaps/zeek logs.
We get the following lines in slips.log:
2024/10/04 05:21:11.245963 [Input] Telling Profiler to stop because no more input is arriving.
2024/10/04 05:21:11.338757 [Input] Waiting for Profiler to stop.
2024/10/04 07:06:11.049396 [Profiler] Stopping. Total lines read: 12034
2024/10/04 07:06:11.049670 [Profiler] Marking Profiler as done processing.
2024/10/04 07:06:11.049798 [Profiler] Profiler is done processing.
2024/10/04 07:06:11.138681 [Profiler] Profiler is done telling input.py that it's done processing.
2024/10/04 07:06:11.138801 [Input] Input is done processing.
This hints that input and profiler stopped. A signal should be given to main.py to call shutdown_gracefully(), but for some reason this doesn't happen!
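A triage check for the symptom reported above, as an added example that is not part of the original issue or of Slips's own code: it parses the quoted slips.log lines, confirms that both Input and Profiler reported done, measures how long Profiler took to finish after Input asked it to stop, and reports whether the log simply ends there. The function names are hypothetical and the sample is the log quoted in the issue.

```python
import re
from datetime import datetime

# Sample input: the slips.log lines quoted in the issue above.
SAMPLE_LOG = """\
2024/10/04 05:21:11.245963 [Input] Telling Profiler to stop because no more input is arriving.
2024/10/04 05:21:11.338757 [Input] Waiting for Profiler to stop.
2024/10/04 07:06:11.049396 [Profiler] Stopping. Total lines read: 12034
2024/10/04 07:06:11.049670 [Profiler] Marking Profiler as done processing.
2024/10/04 07:06:11.049798 [Profiler] Profiler is done processing.
2024/10/04 07:06:11.138681 [Profiler] Profiler is done telling input.py that it's done processing.
2024/10/04 07:06:11.138801 [Input] Input is done processing.
"""

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) \[(\w+)\] (.*)$")

def parse(log_text):
    """Return (timestamp, component, message) for each well-formed line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            events.append((ts, m.group(2), m.group(3)))
    return events

def first(events, component, prefix):
    """Timestamp of the first message from `component` starting with `prefix`."""
    for ts, comp, msg in events:
        if comp == component and msg.startswith(prefix):
            return ts
    return None

def triage(log_text):
    events = parse(log_text)
    asked = first(events, "Input", "Telling Profiler to stop")
    prof_done = first(events, "Profiler", "Profiler is done processing.")
    input_done = first(events, "Input", "Input is done processing.")
    both_done = prof_done is not None and input_done is not None
    last_ts = events[-1][0] if events else None
    return {
        "both_done": both_done,
        # Seconds between Input's stop request and Profiler reporting done.
        "stop_latency_s": (prof_done - asked).total_seconds() if asked and prof_done else None,
        # True when nothing at all was logged after both components reported done.
        "log_ends_at_done": both_done and last_ts == max(prof_done, input_done),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the quoted log, the gap between the stop request and Profiler reporting done is about 1 hour 45 minutes, and no line follows "Input is done processing."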