OPNsense Forum
Archive => 19.7 Legacy Series => Topic started by: PotatoCarl on November 06, 2019, 09:48:45 am
-
Hi
I am running on a Deciso appliance and I enabled Suricata. However, it hogs up 4 of 4GB ram and after a couple of days it breaks the machine. Especially when I update all rules reproducible. I found this actually when I checked the rules and found that they have - despite the cron job - not been updated for 5 months, expect one.
Is this a) a memory leak that is a bug or b) is there a way to configure it with less use of memory. Is there a recommended configuration?
I use a longer list of rules, like snort, ET, OpenSense, abuse.
Thanks for you help.
-
URLhaus is quite a huge list .. maybe at first you should start with a small set of enabled rules?
-
thank you. Which one is URLhaus?
-
Okay, found it, removed it, but nothing solved. Same problem. Takes a couple of minutes and ram load jumps from 60 to 96%, system slows aaaaaand stops.
Saw in another thread here that there are maybe some bugs with the 5.0 version I am using at this time (19.7.6) so maybe with 19.7.7 it will be okay. I hope.
-
Can you check the logs? Suricata 5 is only shipped in devel mode.
-
logs say "empty".
Under "alarms" I have only 7 "allowed" entries, nothing else.
-
Are you sure? 19.7.6 does not have Suricata 5, only the development equivalent.
-
I'm experiencing exactly the same. Running OPNSense on a VM in ProxMox.
After enabling suricata - traffic still flows but the webinterface / ssh & even the console via ProxMox aren't responding anymore. CPU jumps up to 60/70% and stays there.