[Oisf-users] Suricata v2.1beta2 with geoip and high ram consumption

Jay M. jskier at gmail.com
Tue Jan 6 14:20:57 UTC 2015


Changed systemd unit file for afpacket (and verbose switch) and
started. Had configured for 8 threads to match the cores on the vCPU.
Reload occurred shortly after it started and it went from 7 to 14
gigabytes allocated. I'll let this percolate for a couple of days.
--
Jay
jskier at gmail.com


On Tue, Jan 6, 2015 at 8:02 AM, Jay M. <jskier at gmail.com> wrote:
> That was in pcap live mode. Switching over to af_packet shortly here.
> --
> Jay
> jskier at gmail.com
>
>
> On Tue, Jan 6, 2015 at 7:56 AM, Peter Manev <petermanev at gmail.com> wrote:
>> On Tue, Jan 6, 2015 at 2:54 PM, Jay M. <jskier at gmail.com> wrote:
>>> Correction, I meant inline IDS not IPS. I'll try that for science
>>> anyway. What I meant was I am doing out of band monitoring only with
>>> suricata, not using it as an inline IDS, so any blocking would be
>>> irrelevant.
>>>
>>> FYI, I'm up to 20 gigabytes of allocated ram this morning after
>>> turning on the timer to reload every two hours and testing some custom
>>> rules I did yesterday.
>>> --
>>> Jay
>>> jskier at gmail.com
>>>
>>>
>>
>> Is that af_packet or pcap mode?
>>
>> --
>> Regards,
>> Peter Manev


