[Oisf-users] Suricata v2.1beta2 with geoip and high ram consumption
Peter Manev
petermanev at gmail.com
Thu Jan 1 16:15:51 UTC 2015
On Wed, Dec 31, 2014 at 4:13 PM, Jay M. <jskier at gmail.com> wrote:
> I've been playing around a little with a geoip rule and noticed only
> when the sole one is enabled, ram is gobbled up quickly (about an
> hour) and eats into the swap with 16 gigs of ram.
>
What is the sum total of all your mem settings in suricata.yaml?
> So, I've added more RAM to the VM, from 16 to 24 gigs, I'll see what
> that does (up to 15 gigs allocated after starting 40 minutes ago).
>
> It does not appear to be dropping packets and the rule is working, as
> well as the ETPRO set. I'm wondering if others using geo rules are
> also seeing this behavior? I'm not ready to call it a memory leak just
> yet...
What amount of traffic are you inspecting?
Is this reproducible only (and every time) when you enable geoip?
>
> Additionally, running 64-bit, ArchLinux 3.17.6 kernel.
>
> --
> Jay
> jskier at gmail.com
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Training now available: http://suricata-ids.org/training/
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list