[Oisf-users] Suricata v2.1beta2 with geoip and high ram consumption
Peter Manev
petermanev at gmail.com
Thu Jan 8 17:45:32 UTC 2015
On Tue, Jan 6, 2015 at 9:38 PM, Jay M. <jskier at gmail.com> wrote:
> Back up to 22 gigabytes of allocated RAM again and swap is getting
> eaten. This is with af-packet mode.
>
> I still have local (including geo) and pass rules on, I'll disable
> those to see if that makes a difference.
>
> Recent mem info from stats.log:
> tcp.memuse | Detect | 2151712
> dns.memuse | Detect | 491909
> dns.memcap_state | Detect | 0
> dns.memcap_global | Detect | 0
> tcp.segment_memcap_drop | Detect | 0
> tcp.reassembly_memuse | Detect | 121327432
> http.memuse | Detect | 70717572
> http.memcap | Detect | 0
> flow.memuse | FlowManagerThread | 8889408
>
> Let me know if you have any questions or need anything else,
> --
> Jay
> jskier at gmail.com
>
>
I was able to reproduce your behavior (on Ubuntu Trusty LTS, 3.13
kernel) -> simple kill -USR pid on the latest dev while inspecting
some traffic. I think this is a bug - not related to geoip in my case.
Would you please open a bug report?
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list