[Oisf-users] Suricata (2.0.7) using alot of swap after running for a while.
Peter Manev
petermanev at gmail.com
Sun Apr 26 18:47:41 UTC 2015
On Sun, Apr 26, 2015 at 12:07 PM, Andreas Moe <moe.andreas at gmail.com> wrote:
> I am sometimes seeing (after leaving suricata running for a while, say close
> to 24 hours) that it is using alot of swap (almost filling it up...)
>
> Any one have:
> 1) Any tips of where to start investigating this (what info i should post
> here or what values / stats i should take a better look at)
> 2) Have experienced the same issues
>
> Overview of system:
> - 3.19.0-1.el6.elrepo.x86_64 CentOS 6.6 (Final), VM, 8 cores, 16GB RAM,
> 1.6GB Swap.
If you sum up all your memcap settings in suricata.yaml - would they
be close to 16GB ?
> - Not alot of traffic, 20-50 Mbit/s
>
> /AndreasM
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list