Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Suricata: High memory usage
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suricata: High memory usage (Read 2908 times)
decalpha
Newbie
Posts: 15
Karma: 1
Suricata: High memory usage
«
on:
February 22, 2021, 04:54:44 pm »
After upgrade, have noticed that the memory usage has shot up drastically. Suricata shows usage of roughly 2GB.
System:
Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz (4 cores)
OPNsense 21.1.1-amd64
FreeBSD 12.1-RELEASE-p13-HBSD
OpenSSL 1.1.1i 8 Dec 2020
What could be the cause?
Logged
rudiservo
Newbie
Posts: 27
Karma: 2
Re: Suricata: High memory usage
«
Reply #1 on:
June 01, 2021, 02:59:10 pm »
I have been using suricata has well.
I found that suricata work better and lower memory with Hyperscan, also use policy instead of adding rules ajustments.
Too many rule adjustments may crash suricata and cut off all connections.
Also do not use all RULES, for example ET Trojan may block connections to vpns.
Logged
binaryanomaly
Full Member
Posts: 163
Karma: 9
Re: Suricata: High memory usage
«
Reply #2 on:
June 02, 2021, 10:03:23 am »
Quote from: rudiservo on June 01, 2021, 02:59:10 pm
use policy instead of adding rules ajustments.
This is very IMPORTANT.
I made the mistake in the past as well and this makes your opnsense config xml file explode. This has the negative side effect that it slows down almost everything even pure UI interactions and generates high CPU load.
If you have a lot of rule adjustments it's quite annoying to clean it out. For me it worked best to export the config, remove the rule adjusments manually from the config xml and re-import it.
«
Last Edit: June 02, 2021, 10:07:24 am by binaryanomaly
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Suricata: High memory usage