Hi,
confirmed.
As I usually say: "Welcome to the club"! ;-)
Running 'suricata 6.0.1' - but now I deactivated ALL rules.
But: no rules, no change, CPU load is still much too high. In idle mode! NO traffic.
@Fred: Graphs are almost identical to yours.
Who writes the bug report?
FYI: I'm just preparing the other 64bit Devel with 'suricata 5.0.5', just to see what will happen.
Best, Matthias
On 11.12.2020 16:20, Kienker, Fred wrote:
I am hoping this is the correct place to report C153 testing results. Otherwise I will open a topic on the forum if you prefer.
After updating a testing firewall from C152 Stable to C153 Testing, a significant increase in CPU load was observed as reported by others - see the attached graphs. The htop also shows Suricata as the 3 top processes. No changes were made to the Suricata settings in the before and after.
This system has enough processing power so it is not an issue, but it could be a problem on low-powered systems.
Machine specs: Dell PowerEdge R420 Intel(R) Xeon(R) CPU E5-2430 24 GB RAM
Best regards, Fred
-----Original Message-----
From: Matthias Fischer matthias.fischer@ipfire.org
Sent: Thursday, December 10, 2020 12:32 PM
To: Michael Tremer michael.tremer@ipfire.org; Stefan Schantl stefan.schantl@ipfire.org
Cc: IPFire: Development-List development@lists.ipfire.org
Subject: Re: suricata 6.0.0 / 6.0.1 - cpu load (idle) rising compared to 5.0.4
On 10.12.2020 14:39, Michael Tremer wrote:
Hey Matthias,
Hi Michael,
I checked but I cannot confirm this on my machine.
Hm...
I also asked the others on the telephone conference and nobody saw anything suspicious either.
What hardware are you using, and what rules are you using?
Hardware is an old IPFire Duo Box ( ;-) ).
Profile: => https://fireinfo.ipfire.org/profile/5f68a6360ffbecb6877dcac75f5b8c8030f43ce8
Today I - again - switched from 5.04 to 6.01 using Emerging Threats Rules. CPU load immediately rose from 0.5-2% to ~10-12.5% (htop). See attached screenshots.
Then I deactivated a few rules (first wave at 17:35) - leaving only 'botcc', 'drop', 'dshield', 'emerging-exploit', 'emerging-malware' and 'emerging-trojan' active. No change.
Right now I'm on 'suricata 6.0.4' with 'Talos VRT rules (registered)'. No change. Hm.
Any ideas?
Best, Matthias
Best, -Michael
On 6 Dec 2020, at 11:08, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
I'd like to have a little problem... ;-)
The other day I saw 'suricata 6.0.0' had its coming out - yesterday it was '6.0.1'. At that time I thought it might be a good idea to test the current version.
So I built and tested these two one after another under Core 152/64bit.
I tested 6.0.0 some days ago, 6.0.1 yesterday. 'libhtp' was updated and installed too, yesterday to 0.5.36.
Both built without problems, both installed without problems, both showed a strange behavior while running.
Under *each* 6.0.X-version, the cpu load for '/usr/bin/suricata -c /etc/suricata/suricata.yaml -D -y 0:1' increased in *idle* mode from ~0.5%-2.0% to ~12% compared to 'suricata 5.0.4'. And I mean it. Idle. Nothing was going on.
Hardware: https://fireinfo.ipfire.org/profile/5f68a6360ffbecb6877dcac75f5b8c8030f43ce8
Can anyone confirm - or did I miss something?
Best, Matthias