<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Actually, I do have some IPv6 traffic.<div><div>decoder.ipv6 | RxPFReth220 | 16789538</div><div><br></div><div>This is from one of 40 threads. (20 for each of two interfaces).</div><div>Can this memory leak cause alerts to reduce in numbers?</div><div><br></div><div>I will definitely get the latest release.</div><div><br></div><div>Thanks.</div><br><div>> Date: Mon, 27 Oct 2014 10:06:03 -0700<br>> From: cnelson@ucsd.edu<br>> To: coolyasha@hotmail.com; oisf-users@lists.openinfosecfoundation.org<br>> Subject: Re: [Oisf-users] Performance Issues<br>> <br>> -----BEGIN PGP SIGNED MESSAGE-----<br>> Hash: SHA1<br>> <br>> Are you monitoring any IPv6 traffic?<br>> <br>> If I remember correctly, the 2.0.1 release had issues with leaking<br>> memory when tracking IPv6 flows.<br>> <br>> I'll suggest trying the current dev release and see if that fixes your<br>> issues.<br>> <br>> - -Coop<br>> <br>> On 10/27/2014 9:43 AM, Yasha Zislin wrote:<br>> > <br>> > Couple of things about my setup:<br>> > - When Suricata starts, it is using 60 gb of RAM. I've noticed when<br>> > alert count goes down, memory usage is at 105gb.<br>> > - After Suricata service restart, it runs for about a day until alert<br>> > count decreases.<br>> > - All CPUs are kicking and at no stage does any single CPU gets to 100%.<br>> > - I have 20 detection threads per interface.<br>> > - I have 26k ruleset. I know it's big but since I got RAM, I've figured<br>> <br>> - -- <br>> Cooper Nelson<br>> Network Security Analyst<br>> UCSD ACT Security Team<br>> cnelson@ucsd.edu x41042<br>> -----BEGIN PGP SIGNATURE-----<br>> Version: GnuPG v2.0.17 (MingW32)<br>> <br>> iQEcBAEBAgAGBQJUTnt7AAoJEKIFRYQsa8FWcvcH/2HnxeYNJmpHQjmnzqM+2IEk<br>> 1pq/oOjs0EAgC20vV0hytECwwqJM0ETHM71zVNOJiswlvda+hAhW7MUZiyZ/F88K<br>> ZZAiijRAKGMzZVtE+eR3iUnvn8ccE8P2ZWYrBPBUh+f8bQYiddtjRE9cGbt2iY1P<br>> Z46bem1cxkkobyl8YgmnSNOtTncw/zy4A9vIsDbHnYa0DywR03ZCpHxyEGI5Noqf<br>> 5L/VJy9MuzoFVtsanbIi3S+MWsx+iwmBwQC0nwHug5SN0JL3yfBvQ3U6njDp8I5W<br>> jc+jewlVYkRCZt07zKNqlGBWNEzkp2/FEDKd0jBXJmsAvqk+x8oX2oLh2gOr3HQ=<br>> =pYdX<br>> -----END PGP SIGNATURE-----<br></div></div> </div></body>
</html>