Suricata - Engine?

ruggerio · August 03, 2020, 04:14:29 PM

Hi,

When testing 20.7 from iso, i always used Aho Ken Steele, no problems with memory.

Now, in 20.7 Production, memory goes up nearly 70% for suricata and the system is swapping. This was not the case before. I changed for now to "reduced memory implementation", but still lots of memory used and swap.

thx!
Ruggerio

XeroX · August 03, 2020, 04:45:30 PM

What happens when you set it to "ac"?

No intel processor?

ruggerio · August 04, 2020, 07:58:58 AM

ac? aho-corasick? Memory full, as in Ken Steele Variant. I just set IDP, no IPS.

No, it's a apu4 with a 4-core AMD Jaguar. Hyperscan in that case is no alternative.

Ruggerio

hushcoden · August 04, 2020, 10:27:13 AM

I'm actually running Hyperscan with my AMD GX-412TC and it works, so far so good...

spetrillo · August 04, 2020, 05:53:03 PM

Anyone seeing the "loading" on the Rules tab and it never goes away?

aesth · August 04, 2020, 08:06:19 PM

Quote from: spetrillo on August 04, 2020, 05:53:03 PM
Anyone seeing the "loading" on the Rules tab and it never goes away?

I was going to say: "yes now that you mentioned it". But it finished loading after I logged in, that took a while.

Suricata - Engine?

ruggerio

August 03, 2020, 04:14:29 PM

XeroX

August 03, 2020, 04:45:30 PM #1

ruggerio

August 04, 2020, 07:58:58 AM #2

hushcoden

August 04, 2020, 10:27:13 AM #3

spetrillo

August 04, 2020, 05:53:03 PM #4

aesth

August 04, 2020, 08:06:19 PM #5