Enabling IDS with or without any rule sets causes router to become unresponsive

rnicholus · February 06, 2019, 04:19:36 AM

I'm running the latest opnsense along with the latest suricata. When I enable IDS with or without enabled rule sets, the available RAM quickly decreases. Once it reaches about 81% used, the web ui and the router become completely unresponsive. I am only able to recover with a hard reboot. Processor is a J1800 w/ 2GB RAM. Intel 1 gig nics.

Any thoughts on what might be causing this? I started out with 18.7, and then quickly upgraded to 19.1. 18.7 was only running for a few hours, with both IDS and IPS enabled (no freeze/RAM issues).

bmail · February 06, 2019, 09:37:55 AM

Hello,

Not a real answer neither an explanation for your issue, but , try Hyperscan for pattern research (for suricata).

It could work better with Intel NIC and claim less ram (at least for my system).
Hope it could help you.

Enabling IDS with or without any rule sets causes router to become unresponsive

rnicholus

February 06, 2019, 04:19:36 AM Last Edit: February 06, 2019, 04:52:22 AM by rnicholus

bmail

February 06, 2019, 09:37:55 AM #1