Hello Michael, hello Matthias, hello *,
just for the records: I cannot reproduce this issue on two machines running Core Update 153 (testing) for a while now.
Both have an Intel N3150 CPU and are running on x86_64 (no virtualisation), one of those is almost permanently under a significant network load. To be honest, it's CPU load actually _decreased_ a bit after installing Core Update 153, but I cannot pinpoint the reason for this at the moment.
From my point of view, there is no need to downgrade to Suricata 5.x again. In terms of security, I dislike that idea as well, however, this seems to affect certain scenarios quite bad...
Thanks, and best regards, Peter Müller
Hi,
On 12 Dec 2020, at 02:18, Kienker, Fred fkienker@at4b.com wrote:
Matthas:
I worked through some of the examples of the settings described in the Suricata forum discussion. If my observations is correct, the issue centers around the flow manager. A change to it has made a big difference it the resource usage by this process. Its likely going to come down to live with the load created the v6 version or revert to v5 and wait for them to get to the bottom of this. No combination of settings in the flow section of suricata.yaml ever seemed to reduce it and instead increased it.
Good research.
I don't use low power systems for IPFire and dont have access to one but others with these systems may want to take a look at their performance numbers and report back as to whether they can live with the higher load.
It is not directly low-power systems.
I launched this on AWS today and the CPU load is immediately at 25%. It was mentioned on the linked thread that virtual systems are affected more.
I would now rather lean towards reverting suricata 6 unless there is a hot fix available soon.
Best, -Michael
Best regards, Fred
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 9:00 AM - 6:00 PM ET, Monday thru Friday.
-----Original Message----- From: Matthias Fischer matthias.fischer@ipfire.org Sent: Friday, December 11, 2020 6:34 PM To: Kienker, Fred; michael.tremer michael.tremer@ipfire.org; stefan.schantl stefan.schantl@ipfire.org Cc: development development@lists.ipfire.org Subject: Re: suricata 6.0.0 / 6.0.1 - cpu load (idle) rising compared to 5.0.4
Hi,
looks as if there is something going on in the suricata forum regarding cpu load:
=> https://forum.suricata.io/t/cpu-usage-of-version-6-0-0/706
I can't really interpret the numrous screenshots and ongoing discussions, but could it be that this is related to what I'm experiencing when upgrading from 5.0.x to 6.0.x?
Best, Matthias