[Oisf-users] tcp.segment_memcap_drop
Peter Manev
petermanev at gmail.com
Thu Jun 5 18:03:27 UTC 2014
On Thu, Jun 5, 2014 at 7:56 PM, Adnan Baykal <abaykal at gmail.com> wrote:
> what is this measure? as soon as I start Suri, I get this number in 15K and
> just keeps going up significantly. Can anyone tell me what effects
> tcp.segment_memcap_drop counter and what can I do to get it down?
In general you need to increase the stream memcap settings in yaml
> I have 16GB ram and already have memcap at 6gb and reassembly memcap at 12GB
> and depth: at 1mb
>
> Thanks
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
If you have 16 GRAM in total and you have 6+12 in Suricata = 18 you
will go into swap at some point and degrade performance not only for
Suri but for the whole machine as well.
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list