[Oisf-users] Suricata, 10k rules, 10Gbit/sec and lots of RAM
Yasha Zislin
coolyasha at hotmail.com
Wed Nov 5 15:33:53 UTC 2014
I had this issue as well. setting sgh-mpm-context to full and my 132gb of RAM would disappear without suricata fully starting.I assume if setting this to full would increase performance if you have sufficient hardware.
My ruleset is 20k rules. :)
> Date: Wed, 5 Nov 2014 11:24:01 +0100
> From: petermanev at gmail.com
> To: lists at inliniac.net
> CC: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Suricata, 10k rules, 10Gbit/sec and lots of RAM
>
> On Wed, Nov 5, 2014 at 10:28 AM, Victor Julien <lists at inliniac.net> wrote:
> > On 11/05/2014 08:11 AM, Peter Manev wrote:
> >>> I'm kind of concerned that rules cannot fit in the memory with
> >>> > sgh-mpm-context set to full and the settings presented. Should I be?
> >>> > :)
> >> There is a bug at the moment when using full with over 10k rules - it just ends up eating all the memory.
> >
> > What bug is this?
> >
>
> Tightly related to -
> https://redmine.openinfosecfoundation.org/issues/1202#change-4344
>
>
>
> --
> Regards,
> Peter Manev
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Training now available: http://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20141105/e6295d2e/attachment-0002.html>
More information about the Oisf-users
mailing list