[Oisf-users] Suricata (2.0.7) using alot of swap after running for a while.
Andreas Moe
moe.andreas at gmail.com
Mon Apr 27 07:12:27 UTC 2015
I looked at this before, the memcaps are summed up to be round 12GB (and
got someone else to double check my math).
Another small (maybe connected) issue i saw now, is that i have another box
with http memcap set to 8GB, but the aggregated http.memuse show wayyy
above that (around 15GB per interface)... Anyone seen this before?
2015-04-26 20:47 GMT+02:00 Peter Manev <petermanev at gmail.com>:
> On Sun, Apr 26, 2015 at 12:07 PM, Andreas Moe <moe.andreas at gmail.com>
> wrote:
> > I am sometimes seeing (after leaving suricata running for a while, say
> close
> > to 24 hours) that it is using alot of swap (almost filling it up...)
> >
> > Any one have:
> > 1) Any tips of where to start investigating this (what info i should post
> > here or what values / stats i should take a better look at)
> > 2) Have experienced the same issues
> >
> > Overview of system:
> > - 3.19.0-1.el6.elrepo.x86_64 CentOS 6.6 (Final), VM, 8 cores, 16GB RAM,
> > 1.6GB Swap.
>
> If you sum up all your memcap settings in suricata.yaml - would they
> be close to 16GB ?
>
> > - Not alot of traffic, 20-50 Mbit/s
> >
> > /AndreasM
> >
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> > List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net
>
>
>
> --
> Regards,
> Peter Manev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150427/4bf7e264/attachment-0002.html>
More information about the Oisf-users
mailing list