Topic: High CPU Usage Downloading (Read 3237 times)
Pocket_Sevens
Jr. Member
Posts: 73
Karma: 2
High CPU Usage Downloading
« on: November 07, 2019, 04:48:19 pm »
Good morning. Let me edit this post with some additional detail and some questions.
I have Suricata set up to monitor the WAN and my VLANs only. However, trying to download a large file (e.g. Apex Legends) causes the memory usage of Suricata to jump up to 75%. However, it appears to be where a file is downloaded within the game launcher itself where Suricata jumps to 75%; not downloading from the EA site directly.
I noticed in the Activity monitor (System > Diagnostics > Activity) that Suricata was referencing the WAN in the command line; which makes sense because I'm only monitoring the WAN and my VLAN.
Settings:
IPS Mode: Checked
Promiscuous Mode: Checked
Pattern Matcher: Hyperscan
Interfaces: WAN; VLAN50
Download Rules: Some of the ET rules (botcc, compromised, drop, attack-response, exploit, malware, trojan, worm).
Just wondering: Is it possible to whitelist a site for Suricata to ignore? If I need to use an IP address, I'm assuming I could find the IP of the affected URL and add that to a user defined pass list. Any guidance would be appreciated.
« Last Edit: November 11, 2019, 03:27:40 pm by Pocket_Sevens »
Pocket_Sevens
Jr. Member
Posts: 73
Karma: 2
Re: High CPU Usage Downloading
« Reply #1 on: November 11, 2019, 09:53:13 pm »
This is what I'm referring to...trying to download something in the Steam store makes Suricata use a lot of CPU on the WAN side:
86290 root 90 0 1936M 220M CPU0 0 2:23 59.67% /usr/local/bin/suricata -D --netmap --pidfile /var/run/suricata.pid -c /usr/local/etc/suricata/suricata.yaml{W#01-msk0_vlan2}
Downloading Steam directly from their website didn't have Suricata use so much CPU.
« Last Edit: November 11, 2019, 09:56:35 pm by Pocket_Sevens »
colourcode
Newbie
Posts: 9
Karma: 6
Re: High CPU Usage Downloading
« Reply #2 on: November 12, 2019, 07:06:33 pm »
Isn't it supposed to run internally and not on the WAN port?
I never get hits when it's activated on WAN, but from traffic on my LAN...