Closed VN1977 closed 7 years ago
If the CPU utilization is not high you should also check if you are hitting any memcaps in /var/log/suricata/stats.log
Excuse me, I don't understand what memcaps you mean. What I have found concerning mem is below:
tcp.memuse | Total | 16384000
tcp.reassembly_memuse | Total | 12332832
dns.memuse | Total | 16150
http.memuse | Total | 385231
flow.memuse | Total | 184654208
Sorry. I mean like so:
flow.memcap
tcp.ssn_memcap_drop
tcp.segment_memcap_drop
dns.memcap_state
dns.memcap_global
http.memcap
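One way to run the check suggested above, as an added example that is not part of the original thread: it reads stats.log text, compares the first and last dump, and lists the counters named in the reply (plus tcp.reassembly_gap) that are non-zero. The sample input is constructed, and treating a counter that is missing from a dump as 0 is an assumption.

```python
import re

# Counters listed in the reply above, plus tcp.reassembly_gap (the symptom asked about).
WATCH = (
    "flow.memcap", "tcp.ssn_memcap_drop", "tcp.segment_memcap_drop",
    "dns.memcap_state", "dns.memcap_global", "http.memcap",
    "tcp.reassembly_gap",
)
# One data row of a dump: "name | thread | value"; header and ruler lines do not match.
ROW = re.compile(r"^\s*([\w.]+)\s*\|\s*([^|]+?)\s*\|\s*(\d+)\s*$")

def parse_dumps(text):
    """Split stats.log text into dumps and return a list of {counter: value}."""
    dumps, current = [], None
    for line in text.splitlines():
        if line.startswith("Date:"):  # every dump opens with a Date: line
            current = {}
            dumps.append(current)
            continue
        m = ROW.match(line)
        if m and current is not None and m.group(2) == "Total":
            current[m.group(1)] = int(m.group(3))
    return dumps

def memcap_report(text):
    """Return {counter: (first, last, delta)} for watched counters that are non-zero."""
    dumps = parse_dumps(text)
    if not dumps:
        return {}
    report = {}
    for name in WATCH:
        first = dumps[0].get(name, 0)   # assumption: absent counter means 0
        last = dumps[-1].get(name, 0)
        if last:
            report[name] = (first, last, last - first)
    return report

# Constructed sample: two dumps in the "name | Total | value" layout quoted in the thread.
SAMPLE = """\
Date: 1/1/2018 -- 10:00:00 (uptime: 0d, 00h 10m 00s)
Counter                      | TM Name   | Value
tcp.memuse                   | Total     | 16384000
tcp.reassembly_gap           | Total     | 120
tcp.segment_memcap_drop      | Total     | 40
Date: 1/1/2018 -- 10:10:00 (uptime: 0d, 00h 20m 00s)
tcp.reassembly_gap           | Total     | 900
tcp.segment_memcap_drop      | Total     | 310
"""

if __name__ == "__main__":
    print(memcap_report(SAMPLE))
```

A memcap drop counter that rises together with tcp.reassembly_gap points at the corresponding memcap setting rather than at CPU or disk.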
Hello! I think it doesn't relate to Scirius but to Suricata. I tried to find the solution on the Internet, but only one forum said that this value means the counter of lost packets. Why does it happen? The counter of kernel dropped packets is clean, and the other problem indicators are clean too. But TCP reassembly gaps grow extremely. Can it be because of the slow speed of the hard drive? Or CPU speed? At the same time, CPU and memory are not overloaded. CPU utilization is about 20%, sometimes increasing to 70%; total memory is 16Gb, available 11Gb.