[Oisf-users] HTTP/File Logging not working
Travel Factory S.r.l.
mc8647 at mclink.it
Tue May 13 11:15:59 UTC 2014
> Yes, certainly. If we can't track the http session properly, we can't
> log it either.
I'm just having a problem that is probably related...
Suricata 2.0, all memcaps set to 1gb. 7 rules. Yesterday at 15:30 I
started suricata and top reported a VIRT of 3548m.
This morning I had almost no http logs. stats.log was reporting an
increase in memcap_drops. top reported 4562m, exactly 1gb more than
when suricata started.
I was thinking about a memory leak but.....
... after about 3 hours, memory dropped back to 35xx, memcap_drops
stopped increasing and http logging restarted.
So I tried to replicate the memory increase, downloading iso or similar
stuff, but I was not able to replicate it. Memory rises and falls, now
it is at 4178m.
One cpu went 100% for several minutes, and I'm quite sure it was
suricata... but I could not understand why...
So my questions:
1 - which kind of lan traffic can raise the memory usage up to memcap
limits? streaming? downloading? Just traffic?
2 - how does suricata decide to free that memory, and when?
I want to add that I have these settings active:
request-body-limit: 0
response-body-limit: 0
Thanks,
Francesco