[Oisf-users] Memory Allocations
Peter Manev
petermanev at gmail.com
Thu Nov 20 17:21:54 UTC 2014
On Mon, Nov 17, 2014 at 3:45 PM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> I am having issues with Suricata crashing due to running out of memory.
> I just wanted to clarify certain sections of config that I am doing my
> calculations correctly.
>
> max-pending-packets 65000 ------- Does that use a lot of Ram?
>
> So for defrag and flow sections, whatever memcap values I set, that's what
> the maximum that can be used, correct?
>
> Stream section is a bit unclear to me. Memcap for Stream and Memcap for
> Reassembly, how do they relate? Which one should be bigger?
>
> Host section, once again, memcap is the maximum RAM that would be used?
>
> And lastly, libhtp section, request and response -body-limit values, is that
> maximum memory utilization of LIBHTP?
>
> Thanks.
>
Hi,
You mean you are running into swap, correct?
If you sum up all the memcap values you have given in suricata.yaml -
would that be less than what you actually have as RAM on the server
running Suricata?
Thank you
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list