Print Page - Suricata: High memory usage

Title: Suricata: High memory usage
Post by: decalpha on February 22, 2021, 04:54:44 PM

After upgrade, have noticed that the memory usage has shot up drastically. Suricata shows usage of roughly 2GB.

System:
Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz (4 cores)
OPNsense 21.1.1-amd64
FreeBSD 12.1-RELEASE-p13-HBSD
OpenSSL 1.1.1i 8 Dec 2020

What could be the cause?

Title: Re: Suricata: High memory usage
Post by: rudiservo on June 01, 2021, 02:59:10 PM

I have been using suricata has well.
I found that suricata work better and lower memory with Hyperscan, also use policy instead of adding rules ajustments.
Too many rule adjustments may crash suricata and cut off all connections.
Also do not use all RULES, for example ET Trojan may block connections to vpns.

Title: Re: Suricata: High memory usage
Post by: binaryanomaly on June 02, 2021, 10:03:23 AM

Quote from: rudiservo on June 01, 2021, 02:59:10 PM
use policy instead of adding rules ajustments.

This is very IMPORTANT.

I made the mistake in the past as well and this makes your opnsense config xml file explode. This has the negative side effect that it slows down almost everything even pure UI interactions and generates high CPU load.

If you have a lot of rule adjustments it's quite annoying to clean it out. For me it worked best to export the config, remove the rule adjusments manually from the config xml and re-import it.

OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: decalpha on February 22, 2021, 04:54:44 PM