[Oisf-users] Suricata v2.1beta2 with geoip and high ram consumption
Jay M.
jskier at gmail.com
Tue Jan 6 14:02:40 UTC 2015
That was in pcap live mode. Switching over to af_packet shortly here.
--
Jay
jskier at gmail.com
On Tue, Jan 6, 2015 at 7:56 AM, Peter Manev <petermanev at gmail.com> wrote:
> On Tue, Jan 6, 2015 at 2:54 PM, Jay M. <jskier at gmail.com> wrote:
>> Correction, I meant inline IDS not IPS. I'll try that for science
>> anyway. What I meant was I am doing out of band monitoring only with
>> suricata, not using it as an inline IDS, so any blocking would be
>> irrelevant.
>>
>> FYI, I'm up to 20 gigabytes of allocated ram this morning after
>> turning on the timer to reload every two hours and testing some custom
>> rules I did yesterday.
>> --
>> Jay
>> jskier at gmail.com
>>
>>
>
> Is that af_packet or pcap mode?
>
> --
> Regards,
> Peter Manev
More information about the Oisf-users
mailing list