OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: ruggerio on August 03, 2020, 04:14:29 pm

Title: Suricata - Engine?
Post by: ruggerio on August 03, 2020, 04:14:29 pm
Hi,

When testing 20.7 from ISO, I always used Aho Ken Steele, no problems with memory.

Now, in 20.7 Production, memory goes up nearly 70% for Suricata and the system is swapping. This was not the case before. I changed for now to "reduced memory implementation", but still lots of memory used and swap.

thx!
Ruggerio
Title: Re: Suricata - Engine?
Post by: XeroX on August 03, 2020, 04:45:30 pm
What happens when you set it to "ac"?

No Intel processor?
Title: Re: Suricata - Engine?
Post by: ruggerio on August 04, 2020, 07:58:58 am
ac? aho-corasick? Memory full, as in Ken Steele Variant. I just set IDP, no IPS.

No, it's an apu4 with a 4-core AMD Jaguar. Hyperscan in that case is no alternative.

Ruggerio
Title: Re: Suricata - Engine?
Post by: hushcoden on August 04, 2020, 10:27:13 am
I'm actually running Hyperscan with my AMD GX-412TC and it works, so far so good...
Title: Re: Suricata - Engine?
Post by: spetrillo on August 04, 2020, 05:53:03 pm
Anyone seeing the "loading" on the Rules tab and it never goes away?
Title: Re: Suricata - Engine?
Post by: aesth on August 04, 2020, 08:06:19 pm
Anyone seeing the "loading" on the Rules tab and it never goes away?

I was going to say: "yes now that you mentioned it". But it finished loading after I logged in, that took a while.