[Oisf-users] Number of handles used by suricata
Ruslan Usmanov
ruslanuxml at gmail.com
Tue Dec 5 18:07:18 UTC 2017
Hi all,
Is number of open handles by suricata is an area of concern?
I noticed when suricata is running with default configuration (max-frags =
65535 with prealloc, flow hash_size = 65536), the process keeps open
220,000 handles.
By bringing down number of these items, we can save up to 200k handles on
the system. I understand the reason is because each defrag and flow
requires its own mutex and handle.
What are you doing - just ignore the number of open handles, or using lower
values, and what are recommended number of defrags/flows, having in mind we
still want to keep system protected?
Thank you,
Ruslan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171205/7da45d69/attachment.html>
More information about the Oisf-users
mailing list