[Oisf-users] FlowManagerThread idle CPU usage
elof2 at sentor.se
elof2 at sentor.se
Mon Mar 21 16:15:59 UTC 2016
Ok.
It feels a bit steep to constantly draw 2-3% CPU doing nothing at all. :)
...especially since my hash table has never been filled with any flows in
the first place.
The sensor is just booted and idling. It has seen a total of 0 packets.
Perhaps you can shave off a couple of CPU cycles here if the collector can
be made a little smarter? :)
/Elof
On Mon, 21 Mar 2016, Victor Julien wrote:
> On 21-03-16 12:05, elof2 at sentor.se wrote:
>> Should the FlowManagerThread in Suricata really use CPU resources when
>> there are zero captures packets?
>>
>> My sensor is completely silent (zero packets on ix1), but 'top -PSHz'
>> show a constant CPU utilization of 2.69% for the FlowManagerThread.
>>
>>
>> The box itself is idling. No traffic in or out. No SPAN is sent to it.
>> So there's just a suricata running, doing nothing.
>> Yet, it constantly consumes ~2.7% of one CPU.
>
> This is expected. The flow manager thread is basically a garbage
> collector walking a hash table on a interval. The cpu time is related to
> the flow hash table size. If there are many flows it will take more CPU,
> but it will take some even if the hash is (virtually) empty.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
More information about the Oisf-users
mailing list