Hello,
I use OPNsense 23.7.8 and Suricata 6.0.15 (latest version available on the OPNsense repository).
- I activated suricata: no slowness observed
- I downloaded all the suricata rules: no slowness noted
- Deactivation of all IDS web_app_specific rules (5000 rules): slowness of the interface noted
- Reactivation of IDS rules previously deactivated for a return to normal: slowness still observed
On the OPNsense console, when I look at the resources used (top command), I notice that PHP-GUI and PHP consume resources abnormally, and this has an impact on the use of network resources (ping of more than 1 MS from time to time when I perform an operation, for example deactivating a meerkat rule).
The more I modify the rules (activation or deactivation of IDS rules), the more resources the PHP and PHP-CGI processes take.
I tried to change the scan type (Hyperscan and Aho-Corasick), but the problem persists.
The suricata service is stable at between 0.38% and 0.40% overall usage.
The slowness is generated by the manipulation of the rules. When I restore Suricata with its original configuration, the problem disappears.
Why does this happen?
Thanks for your help
Same problem here. CPU usage increases.