
Slow OPNsense after disabling and enabling IDS rules


Azgar:
Hello,

I use OPNsense 23.7.8 and Suricata 6.0.15 (latest version available in the OPNsense repository).
- I activated Suricata: no slowness observed
- I downloaded all the Suricata rules: no slowness noted
- Deactivation of all IDS web_app_specific rules (5000 rules): slowness of the interface noted
- Reactivation of IDS rules previously deactivated for a return to normal: slowness still observed

On the OPNsense console, when I look at the resources used (top command), I notice that PHP-GUI and PHP consume resources abnormally, and this has an impact on the use of network resources (ping of more than 1 ms from time to time when I perform an operation, for example deactivate a meerkat rule).

The more I modify the rules, the more resources the PHP and PHP-CGI processes take (activation or deactivation of IDS rules).

I tried to change the scan type (Hyperscan and Aho-Corasick), but the problem persists.

The Suricata service is stable at between 0.38% and 0.40% overall usage.
The slowness is generated by the manipulation of the rules. When I restore Suricata with its original configuration, the problem disappears.

Why does this happen?

Thanks for your help

dmalick:
Same problem here. CPU usage increases.
