Messages

1

Intrusion Detection and Prevention / Suricata running at one core 100% full time

« on: March 08, 2024, 12:49:10 pm »

Hi all! Bit of an OPNsense noob here, coming from PFsense. I have a small dedicated N100 box with dual Intel NIC running OPNsense bare metal. I installed Zenarmor, enabled Suricata and all seems fine, apart from the fact that the moment I enable Suricata it starts using 100% of one core full time, even when there's no traffic. The activity diagnostics shows it as:

69836   root   103   0   9G   5G   CPU3   3   21:57   99.71%   /usr/local/bin/suricata -D --netmap --pidfile /var/run/suricata.pid -c /usr/local/etc/suricata/suricata.yaml{suricata}

Is this normal behavior? And if not, would someone know a fix for this? Hardware offloading is disabled. Thanks!