[Oisf-devel] Mem leaks
Victor Julien
victor at inliniac.net
Fri Oct 14 16:06:36 UTC 2011
On 10/14/2011 03:25 PM, Martin Holste wrote:
>> Coming to the memory usage, ac changes might be the reason behind the
>> mem increase(not a leak). I have changed all u16 buffers to u32 and
>> so on. The usage increase might look bigger when ac-full is used,
>> although with ac-single it should be pretty okay. Btw you should see
>> much better perf(around 15%-20%). How big's your ruleset btw?
>
> That would explain it--that's a lot of additional memory. Running
> with ac-full is such a performance improvement that we can't live
> without it (good thing we've got a lot of ram).
Have you tried ac-gfbs with "full"?
> I've now been seeing a very strange phenomenon in which low traffic
> periods actually lead to missed heartbeats. Very bizarre! The sensor
> performs well during peak load (around 700 Mb/sec), but when the load
> drops at night to more like 250 Mb/sec, it starts missing a lot of
> alerts. I've never seen anything like it, but it's been going on for
> a few nights now. This is with commit 58d7cb.
I can't think on anything here, except maybe that the traffic profile
might change radically and Suricata somehow chokes on this traffic?
Backups for example?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list