[Oisf-users] Test live rule-reload with 3.0RC2

Andreas Herz andi at geekosphere.org
Sun Dec 13 20:20:45 UTC 2015


When testing 3.0RC2 I tried the live rule reload feature again (sending
-USR2 to suricata) and it looks like the memory consumption bug is back.

What I would like is for some of you to try this on your systems.


1. Run suricata 3.0RC2 (unless you disabled it in the yaml, live rule
reload should be enabled by default). In my case I used a simple
monitor mode bound to one interface.

2. Send USR2 signals for some time:

while true; do kill -s USR2 $SURICATAPID; sleep 60; done

3. Watch the memory consumption of suricata (top, htop or similar)

If you see the used memory increasing (I got to 4 times the memory after
~100 reloads), please share some info with us:

OS used, hardware, suricata --build-info and which mode you used.

I had this issue with CentOS7, Debian and ArchLinux


Andreas Herz
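
The three steps above can be combined so that each reload leaves a comparable number behind instead of a reading taken by eye from top. The script below is an added example, not part of the original post or of Suricata; it assumes Linux (/proc/<pid>/status), and RELOADS, INTERVAL and the file name reload-rss.sh are this example's own names, while SURICATAPID is the variable from the post.

```shell
#!/bin/sh
# Added example: log Suricata's resident memory after each live rule reload.
# Assumes Linux (/proc/<pid>/status). RELOADS and INTERVAL are this
# example's own knobs; SURICATAPID is the variable used in the post.

# Extract VmRSS (in kB) from /proc/<pid>/status text on stdin.
parse_rss() {
    awk '/^VmRSS:/ { print $2; exit }'
}

# Current RSS ($2) as an integer percentage of the baseline RSS ($1).
growth_pct() {
    echo $(( $2 * 100 / $1 ))
}

# Send USR2 to PID $1, $2 times, $3 seconds apart, printing one CSV row
# per reload: reload number, RSS in kB, percent of baseline.
watch_reloads() {
    pid=$1 reloads=$2 interval=$3
    base=$(parse_rss < "/proc/$pid/status") || return 1
    [ -n "$base" ] || { echo "no VmRSS for pid $pid" >&2; return 1; }
    echo "reload,rss_kb,pct_of_baseline"
    echo "0,$base,100"
    n=1
    while [ "$n" -le "$reloads" ]; do
        kill -s USR2 "$pid" 2>/dev/null || { echo "pid $pid is gone" >&2; return 1; }
        sleep "$interval"   # wait before sampling, as the loop in the post does
        rss=$(parse_rss < "/proc/$pid/status") || return 1
        echo "$n,$rss,$(growth_pct "$base" "$rss")"
        n=$((n + 1))
    done
}

# Run only when a PID was supplied, e.g.:
#   SURICATAPID=$(pidof suricata) RELOADS=100 INTERVAL=60 sh reload-rss.sh
if [ -n "${SURICATAPID:-}" ]; then
    watch_reloads "$SURICATAPID" "${RELOADS:-100}" "${INTERVAL:-60}"
fi
```

A last column that keeps climbing across reloads (400 would match the 4x growth reported above) is the symptom to report together with the OS, hardware, build-info and run mode.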

