Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
21.7.3_1 - higher system load after upgrade caused by Suricata
« previous
next »
Print
Pages: [
1
]
Author
Topic: 21.7.3_1 - higher system load after upgrade caused by Suricata (Read 5395 times)
carstenp
Newbie
Posts: 7
Karma: 1
21.7.3_1 - higher system load after upgrade caused by Suricata
«
on:
September 25, 2021, 05:15:16 am »
After upgrading and rebooting I see my OPNsense virtual install under Proxmox with a higher system load. It's now consistently above 1.0; before the upgrade it was usually around 0.6-ish. IIRC, a load of 1.something isn't crazy high for a 4 core system?
I also notice Suricata (WAN) uses around 17%-20% sustained CPU load. The box has now been running for several hours, and CPU usage has not gone down.
I run Sensei on LAN and the enterprise version of ntopng.
Anyone else seeing higher CPU/system load caused by Suricata? Any chance a future upgrade will lower it again?
Edit: Attached screenshot for OPNsense load before and after upgrade...
«
Last Edit: September 29, 2021, 08:54:53 pm by carstenp
»
Logged
franco
Administrator
Hero Member
Posts: 17570
Karma: 1596
Re: 21.7.3_1 - higher system load after upgrade caused by Suricata
«
Reply #1 on:
September 25, 2021, 11:32:28 am »
Might be because of new decoders in major version features? Haven't checked, but likely is an interaction of some sort with activated rules.
Cheers,
Franco
Logged
Olli
Newbie
Posts: 12
Karma: 0
Re: 21.7.3_1 - higher system load after upgrade caused by Suricata
«
Reply #2 on:
September 25, 2021, 03:15:00 pm »
Have the same issue. full ram load and one cpu hight load.
After reboot it was a little better, but i found in the processes:
61047 root 85 0 28M 19M CPU0 0 0:06 98.33% /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.
After deactivate
Reporting -> Netflow -> Capture local
it runs normal without high load. Maybe some incompatibility with the new python 3.8?
Logged
yeraycito
Sr. Member
Posts: 276
Karma: 17
Re: 21.7.3_1 - higher system load after upgrade caused by Suricata
«
Reply #3 on:
September 25, 2021, 05:58:00 pm »
Opnsense 21.7.3.1 ( Fresh install 21.7 ):
- Suricata 6 ( wan ), ET Telemetry, all rules active
- No Sensei
- No Ntopng
Everything works well.
Logged
rungekutta
Full Member
Posts: 139
Karma: 11
Re: 21.7.3_1 - higher system load after upgrade caused by Suricata
«
Reply #4 on:
September 26, 2021, 08:37:31 pm »
Same thing here. Everything else equal (same rules etc), Suricata went from 10-20% to typically 20-40% CPU. That's on an 8 core Ryzen, so plenty of room left, but the difference is clear pre and post 21.7.3 upgrade.
I've got gigabit WAN and still max it out with IPS enabled, Suricata then uses 300-350% CPU, i.e. the equivalent of pegging 3-4 cores.
Logged
vecchiostupido
Newbie
Posts: 4
Karma: 2
Re: 21.7.3_1 - higher system load after upgrade caused by Suricata
«
Reply #5 on:
September 29, 2021, 02:49:01 pm »
Same problem here, after update Suricata is now up into 80 to 90% of CPU usage, my CPU was hovering for the past 6 months, over multiple updates, around 20 to 30% and now it is averaging around 70 to 80%, with peaks over 90%.
Logged
skookum
Newbie
Posts: 1
Karma: 1
Re: 21.7.3_1 - higher system load after upgrade caused by Suricata
«
Reply #6 on:
October 02, 2021, 07:31:41 pm »
I'm also experiencing this issue on a test VM and it's why I haven't upgraded my actual router. Under a Proxmox VM, CPU use is at 60-70% for a 2-core VM consistently even after several hours. As soon as I disable Suricata, it's down to 10%.
Logged
lenny
Full Member
Posts: 239
Karma: 5
Re: 21.7.3_1 - higher system load after upgrade caused by Suricata
«
Reply #7 on:
October 04, 2021, 10:16:57 am »
same here
Logged
Ypsilon
Newbie
Posts: 16
Karma: 9
Re: 21.7.3_1 - higher system load after upgrade caused by Suricata
«
Reply #8 on:
October 13, 2021, 02:14:55 pm »
Same issue here after upgrading to 21.7.3, so I'm back on 21.7.2
Some searching gave this:
On suricata forum [1]
Also on Ipfire bugtracker [2]
And on suricata bugtracker [3] and [4] and [5]
Seems that the load increase is most noticeable on KVM, also on other type virtual machines, less increase on bare metal install, but there also an increase.
And if this is the same issue, it's not an OPNsense issue but a suricata one.
One of the last posts on [3] was made by one of the core devs from ipfire offering help, creating [4] for tracking in the suricata 7.x branch as it appears.
But reading [5] still not solved in suricata 6.0.5, possible backport?
[1]
https://forum.suricata.io/t/cpu-usage-of-version-6-0-0/706
[2]
https://bugzilla.ipfire.org/show_bug.cgi?id=12548
[3]
https://redmine.openinfosecfoundation.org/issues/4096
[4]
https://redmine.openinfosecfoundation.org/issues/4379
[5]
https://redmine.openinfosecfoundation.org/issues/4421
Logged
HamiltonWDS
Newbie
Posts: 10
Karma: 2
Re: 21.7.3_1 - higher system load after upgrade caused by Suricata
«
Reply #9 on:
October 18, 2021, 10:56:14 am »
I concur with the increase in CPU utilization, system loading and unstable packet performance with the latest update.
Using a virtual platform (Xenserver) with pass through network interfaces and clean install. Disabling Suricata and Netflow seems to help, but the WAN gateway is unstable (packet losses). Bandwidth also seems to be impacted as well.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
21.7.3_1 - higher system load after upgrade caused by Suricata