<br><br>
<div class="gmail_quote">On Fri, Mar 23, 2012 at 8:56 AM, Victor Julien <span dir="ltr"><<a href="mailto:victor@inliniac.net">victor@inliniac.net</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
<div class="im">On 03/23/2012 05:46 AM, Brant Wells wrote:<br>> Hi All,<br>><br>> I just wanted to report in... The latest GIT version that I am running<br>> (Suricata 1.3dev (rev 22349f8)) has given me some very notable improvements!<br>
><br>> I almost wondered if Suricata had crashed a few minutes ago, because my<br>> web interface to BASE was lighting fast!<br>><br>> Anyhow, I did some checking and suricata is now running steady between<br>
> ~30% and 75% CPU usage... and roughtly 11% of my system memory (Quad<br>> core / 4GB box)... Before it was running at 99% Cpu usage and consuming<br>> 60% of the boxes RAM.<br><br></div>That memory things has me somewhat worried. We did do some optimization,<br>
but nothing should result in a factor 6 reduction I think.<br><br>What was the Suricata version you used before this?<br>
<div class="im"><br>> I went to check my stats.log and noticed that it was at the 2gb file<br>> limit, lol, so i don't have any hard numbers right now. I will restart<br>> it tomorrow and get some...<br>><br>
> I am using the suricata.yaml that comes with the source, and have only<br>> modified the IP Addresses to match my network, all other settings have<br>> been left at default...<br><br></div>We did change the default runmode from auto to autofp, which should<br>
scale much better:<br><a href="http://www.inliniac.net/blog/2012/03/23/suricata-runmode-changes.html" target="_blank">http://www.inliniac.net/blog/2012/03/23/suricata-runmode-changes.html</a><br><span class="HOEnZb"><font color="#888888"><br>
--<br>---------------------------------------------<br>Victor Julien<br><a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
---------------------------------------------<br><br>_______________________________________________<br>Oisf-devel mailing list<br><a href="mailto:Oisf-devel@openinfosecfoundation.org">Oisf-devel@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel</a><br></font></span></blockquote></div>
<div><br><br clear="all"> </div>
<div> </div>
<div> </div>
<div>Hi Brant,</div>
<div> </div>
<div>how much traffic do you inspect?</div>
<div> </div>
<div>thanks</div>
<div> </div>
<div> </div>
<div><br>-- <br></div>
<div>Regards,</div>
<div>Peter Manev</div><br>