[Oisf-users] Suricata 1.3.4 problem

Paul Halliday paul.halliday at gmail.com
Wed Dec 5 23:53:09 UTC 2012


Hi,

Not quite sure what's happening, but Suricata stops generating alerts
after about 30 minutes of operation. Bandwidth during this test never
peaked above 50. Running on FreeBSD 9.1


MEM and CPU for the process (~30 second interval):

1354748069,804M,26.37%
1354748099,807M,25.15%
1354748129,812M,31.10%
1354748159,818M,26.76%
...
1354749629,1061M,27.25%
1354749659,1065M,24.27%
1354749689,1069M,26.12%
1354749719,1089M,26.12%
1354749749,1090M,36.38%
1354749779,1092M,108.30%
1354749809,1095M,108.11%
1354749839,1098M,108.06%
1354749869,1098M,196.78%
1354749899,1098M,200.00%
1354749929,1098M,200.00%
1354749959,1098M,200.00%
1354749989,1098M,200.00%

Around the spike from 36% to 108% utilization Suricata throws this:

5/12/2012 -- 19:21:50 - <Info> - Flow emergency mode over, back to normal... unsetting FLOW_EMERGENCY bit (ts.tv_sec: 1354749710, ts.tv_usec:449629) flow_spare_q status(): 38% flows at the queue

A knob I need to turn somewhere?

Thanks!

-- 
Paul Halliday
http://www.pintumbler.org/
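The "Flow emergency mode over" line quoted above is logged when the flow engine leaves emergency mode, which it enters when it cannot allocate a new flow (the flow memcap is reached and the spare queue is empty); while in emergency mode it uses the shorter emergency-* timeouts, and it recovers once the spare queue is refilled past the emergency-recovery percentage. The knobs for all of that live under `flow:` and `flow-timeouts:` in suricata.yaml. The fragment below is an added example, not from the original post or the Suricata project's shipped configuration; the values marked "assumed default" are what I believe the 1.3.x suricata.yaml shipped with and should be checked against the file on the sensor.

```yaml
# Added example (not from the original post or the Suricata distribution).
# Flow-engine tuning in suricata.yaml. Values marked "assumed default" are
# what I believe Suricata 1.3.x shipped with; verify against your own file.
flow:
  memcap: 32mb            # assumed default; memory budget for flow tracking
  hash-size: 65536        # assumed default; buckets in the flow hash table
  prealloc: 10000         # assumed default; flows allocated at startup
  emergency-recovery: 30  # assumed default; leave emergency mode once this
                          # percentage of flows is back on the spare queue
                          # (the quoted message reports 38%, just above it)

# Higher-capacity variant for a busier sensor (illustrative numbers, not a
# recommendation for this host). A larger memcap raises the process RSS, so
# size it against the memory growth seen in the monitoring samples above.
# flow:
#   memcap: 256mb
#   hash-size: 1048576
#   prealloc: 100000
#   emergency-recovery: 30

# Timeouts in seconds; the emergency-* values apply only while the
# FLOW_EMERGENCY bit is set. Assumed 1.3.x defaults.
flow-timeouts:
  default:
    new: 30
    established: 300
    closed: 0
    emergency-new: 10
    emergency-established: 100
    emergency-closed: 0
  tcp:
    new: 60
    established: 3600
    closed: 120
    emergency-new: 10
    emergency-established: 300
    emergency-closed: 20
  udp:
    new: 30
    established: 300
    emergency-new: 10
    emergency-established: 100
```

After editing, restart Suricata and watch the log for further FLOW_EMERGENCY messages; if the engine keeps entering emergency mode, memcap (or prealloc, if startup is the problem) is the value to raise, keeping in mind that a larger memcap also raises the resident memory of a process that has already grown from about 800M to 1.1G in the samples above. If your build supports it, `suricata --dump-config` prints the effective values so you can confirm the edit was picked up.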

