[Oisf-users] Performance Issues
Yasha Zislin
coolyasha at hotmail.com
Mon Oct 27 17:29:04 UTC 2014
Actually, I do have some IPv6 traffic.decoder.ipv6 | RxPFReth220 | 16789538
This is from one of 40 threads. (20 for each of two interfaces).Can this memory leak cause alerts to reduce in numbers?
I will definitely get the latest release.
Thanks.
> Date: Mon, 27 Oct 2014 10:06:03 -0700
> From: cnelson at ucsd.edu
> To: coolyasha at hotmail.com; oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Performance Issues
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Are you monitoring any IPv6 traffic?
>
> If I remember correctly, the 2.0.1 release had issues with leaking
> memory when tracking IPv6 flows.
>
> I'll suggest trying the current dev release and see if that fixes your
> issues.
>
> - -Coop
>
> On 10/27/2014 9:43 AM, Yasha Zislin wrote:
> >
> > Couple of things about my setup:
> > - When Suricata starts, it is using 60 gb of RAM. I've noticed when
> > alert count goes down, memory usage is at 105gb.
> > - After Suricata service restart, it runs for about a day until alert
> > count decreases.
> > - All CPUs are kicking and at no stage does any single CPU gets to 100%.
> > - I have 20 detection threads per interface.
> > - I have 26k ruleset. I know it's big but since I got RAM, I've figured
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
>
> iQEcBAEBAgAGBQJUTnt7AAoJEKIFRYQsa8FWcvcH/2HnxeYNJmpHQjmnzqM+2IEk
> 1pq/oOjs0EAgC20vV0hytECwwqJM0ETHM71zVNOJiswlvda+hAhW7MUZiyZ/F88K
> ZZAiijRAKGMzZVtE+eR3iUnvn8ccE8P2ZWYrBPBUh+f8bQYiddtjRE9cGbt2iY1P
> Z46bem1cxkkobyl8YgmnSNOtTncw/zy4A9vIsDbHnYa0DywR03ZCpHxyEGI5Noqf
> 5L/VJy9MuzoFVtsanbIi3S+MWsx+iwmBwQC0nwHug5SN0JL3yfBvQ3U6njDp8I5W
> jc+jewlVYkRCZt07zKNqlGBWNEzkp2/FEDKd0jBXJmsAvqk+x8oX2oLh2gOr3HQ=
> =pYdX
> -----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20141027/e86871b1/attachment-0002.html>
More information about the Oisf-users
mailing list