[Oisf-users] Suricata load/latency spikes
Oliver Humpage
oliver at watershed.co.uk
Mon Jun 29 15:01:41 UTC 2015
On 29 Jun 2015, at 14:37, robert.jamison at bt.com wrote:
> The only non-trivial difference in the before and after stats is that dns.memuse increases by a factor of 3x.
That's pretty much what I thought too. But it's still only a tiny amount, so probably not the issue.
I've been using systat to look at PPS, and although sometimes I can see latency increase with PPS, at other times I can see PPS get to nearly 10x above the background average and no ill effects (4k as opposed to normal 0.5k). So it's not purely PPS, and it's not anything stats.log can point at.
I might start commenting out rulesets one at a time to see if any particular sets are causing issues.
If anyone else has any ideas, do shout :)
Thanks,
Oliver.
More information about the Oisf-users
mailing list