[Oisf-users] Help with 99% CPU usage

Anoop Saldanha anoopsaldanha at gmail.com
Wed May 15 14:24:21 UTC 2013


On Wed, May 15, 2013 at 3:55 PM, Duarte Silva
<duarte.silva at serializing.me> wrote:
> Hi all,
>
> I'm currently facing a problem with Suricata. After running for a while, there
> is always an AF_PACKET thread (workers mode) that hogs the CPU to which it is
> bound, creating an awful amount of packet loss. I have discarded the
> following factors:
>
>  - Number of rules, it has also happened without rules;
>  - Amount of network traffic, I have seen Suricata handle ~18 MBs (150 MBps) of
> traffic without problems with the current configuration and it has also happened
> with only ~2 MBs of traffic;
>  - Memory, Suricata was only using ~500 MB of it when the CPU usage pegged to
> 100%;
>
> This happens repeatedly and after it happens, Suricata takes a long time to
> stop. Could someone tell me what I can do to debug this issue?
>
> Suricata is executed with the following command line:
>
> suricata -D -c /etc/suricata/suricata.yaml --pidfile /var/lock/subsys/suricata
> --af-packet=eth1 --user=suri --group=suri
>
> I have also attached any files that can help out in debugging.
>

While this thread hogs the CPU, can you attach gdb to the suricata
process, and get a bt for the specified thread, and also for all the
threads?

-- 
Anoop Saldanha
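
Added example, not part of the original message: one way to capture the backtraces requested above, picking the busiest thread from ps and cutting its stack out of gdb's "thread apply all bt" output. The function names, output file names and sample data are assumptions made for illustration; the pidfile path is the one from the quoted command line.

```shell
#!/bin/sh
# Added example, not from the original thread. Call collect_backtraces as root
# (or as the suri user) while one worker thread is pegged at 100%.
PIDFILE=/var/lock/subsys/suricata    # --pidfile value from the quoted command line

# Print the TID with the highest %CPU from "TID %CPU NAME" rows on stdin.
hottest_tid() {
    awk '$1 ~ /^[0-9]+$/ && $2 + 0 >= max { max = $2 + 0; tid = $1 }
         END { if (tid != "") print tid }'
}

# Print only the backtrace of the thread whose LWP id is $1, reading
# "thread apply all bt" output on stdin.
thread_bt() {
    awk -v tid="$1" '/^Thread [0-9]+ / { show = ($0 ~ ("\\(LWP " tid "\\)")) }
                     show && NF'
}

collect_backtraces() {
    pid=$(cat "$PIDFILE") || return 1
    # ps reports %CPU averaged over each thread's lifetime; confirm the
    # spinning thread with "top -H -p $pid" if the numbers are close.
    tid=$(ps -L -o tid=,pcpu=,comm= -p "$pid" | hottest_tid)
    # -batch attaches, runs the commands, then detaches, so Suricata is
    # paused only while gdb walks the stacks.
    gdb -p "$pid" -batch -ex 'thread apply all bt' > all-threads.txt 2>&1
    thread_bt "$tid" < all-threads.txt > "hot-thread-$tid.txt"
    echo "hot thread LWP $tid: hot-thread-$tid.txt (all threads: all-threads.txt)"
}

# Constructed sample data (not real Suricata output) for trying the helpers
# without a live process.
sample_ps() {
    printf '%s\n' '4241  0.3 main' '4242  4.1 worker-a' '4243 99.7 worker-b'
}
sample_gdb() {
    cat <<'EOF'
Thread 3 (Thread 0x7f0a1c7fe700 (LWP 4243)):
#0  0x0000000000000000 in frame_a ()
#1  0x0000000000000000 in frame_b ()

Thread 2 (Thread 0x7f0a1cfff700 (LWP 4242)):
#0  0x0000000000000000 in frame_c ()
EOF
}
```

Taking the dump two or three times a few seconds apart shows whether the hot thread stays in the same frames. Installing Suricata's debug symbols first gives function names and line numbers in the frames.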
