Suricata: High memory usage

Started by decalpha, February 22, 2021, 04:54:44 PM

After the upgrade, I have noticed that the memory usage has shot up drastically. Suricata shows usage of roughly 2GB.

System:
Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz (4 cores)
OPNsense 21.1.1-amd64
FreeBSD 12.1-RELEASE-p13-HBSD
OpenSSL 1.1.1i 8 Dec 2020

What could be the cause?

I have been using Suricata as well.
I found that Suricata works better and with lower memory with Hyperscan; also use policy instead of adding rule adjustments.
Too many rule adjustments may crash Suricata and cut off all connections.
Also, do not use all rules; for example, ET Trojan may block connections to VPNs.

June 02, 2021, 10:03:23 AM #2 Last Edit: June 02, 2021, 10:07:24 AM by binaryanomaly
Quote from: rudiservo on June 01, 2021, 02:59:10 PM
use policy instead of adding rule adjustments.

This is very IMPORTANT.

I made the mistake in the past as well, and this makes your OPNsense config XML file explode. This has the negative side effect that it slows down almost everything, even pure UI interactions, and generates high CPU load.

If you have a lot of rule adjustments, it's quite annoying to clean them out. For me it worked best to export the config, remove the rule adjustments manually from the config XML and re-import it.
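
The export, clean and re-import approach from the last post, sketched as an added example (not part of the thread and not OPNsense code). It assumes that per-rule adjustments are stored as `rule` elements under `OPNsense/IDS/rules` in the exported config, which you should confirm in your own export; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# ASSUMPTION: per-rule adjustments live under OPNsense/IDS/rules in the
# exported config; confirm against your own export before relying on it.
ADJUSTMENTS_PATH = "OPNsense/IDS/rules"

# Constructed sample standing in for an exported config.xml.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <system><hostname>fw</hostname></system>
  <OPNsense>
    <IDS>
      <general><enabled>1</enabled></general>
      <rules>
        <rule uuid="00000000-0000-0000-0000-000000000001"><sid>2000001</sid><enabled>0</enabled><action>alert</action></rule>
        <rule uuid="00000000-0000-0000-0000-000000000002"><sid>2000002</sid><enabled>1</enabled><action>drop</action></rule>
      </rules>
      <policies/>
    </IDS>
  </OPNsense>
</opnsense>
"""

def strip_rule_adjustments(xml_text, path=ADJUSTMENTS_PATH):
    """Return (cleaned_xml, removed_sids); only children of `path` are removed."""
    root = ET.fromstring(xml_text)
    container = root.find(path)
    if container is None:  # nothing to clean, or the path differs in this export
        return xml_text, []
    removed = [r.findtext("sid", default="?") for r in container]
    for child in list(container):
        container.remove(child)
    container.text = None  # drop leftover indentation inside the emptied element
    return ET.tostring(root, encoding="unicode"), removed

def report(xml_text, path=ADJUSTMENTS_PATH):
    """Size in bytes before and after, plus the number of adjustments dropped."""
    cleaned, removed = strip_rule_adjustments(xml_text, path)
    return {"before": len(xml_text.encode()), "after": len(cleaned.encode()),
            "removed": len(removed)}

if __name__ == "__main__":
    cleaned, sids = strip_rule_adjustments(SAMPLE_CONFIG)
    print("removed adjustments for SIDs:", sids)
    print(report(SAMPLE_CONFIG))
```

Run it on a copy of the export and keep the original as a backup; diff the two files before re-importing so that only the adjustment entries have changed.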