Suricata behavior

Started by someone, June 10, 2024, 10:46:32 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 10, 2024, 10:46:32 PM
I have run suricata on different linux distros
Note: I noticed after making a rule change and applying it(command line in linux)
It takes up to 5 minutes for surricata to parse, load, and start engine of 150,000 rules
You can see it in opnsense monitoring cpu
Its a off then on load on cpu, its not continuous I guess not to overheat cpu
But that means when you push apply you have to wait at least 5 minutes to make another rule change
Including policies
I wonder if that is what is effecting some changes, not giving it enough tiime to finish last job
Surricata doesnt do multiple commands
June 11, 2024, 03:36:48 PM #1
I have not noticed more than about 30 seconds to reload once I hit apply. AMD V1756B with 16gb of ram using the ET Open rule set.
Print
Go Up Pages1
User actions