Support #3287
closed
Using Lua output, Suricata kernel drop high.
Description
Hi, Team:
I am trying to use Lua Output to audit a specific website. At the peak of the site, I found a lot of kernel drops. When using Lua Output, I have turned off Suricata's default http output.
After discovering the kernel discard alert, I chose to turn off the Lua output and open Suricata's default http output. This solved the problem of kernel drops. This makes me suspect that the problem is caused by Lua Output. How should I optimize to solve this problem?
When a kernel delete occurs, the stats.flow_mgr.new_pruned_delta value will become very large. I don't quite understand what this means. Can you explain?
I have 3 questions:
1. For this problem, can Suricata.yaml be optimized?
2. What does stats.flow_mgr.new_pruned_delta mean?
3. luajit: states: 128. When should this value be adjusted?
Before kernel drops
------------------------------------------------------------------------------------
Date: 10/29/2019 -- 03:06:30 (uptime: 0d, 00h 01m 23s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
capture.kernel_packets | Total | 6542206
decoder.pkts | Total | 6694420
decoder.bytes | Total | 6863107222
decoder.ipv4 | Total | 13388752
decoder.ethernet | Total | 6694420
decoder.tcp | Total | 6491644
decoder.udp | Total | 6696085
decoder.icmpv4 | Total | 152
decoder.vlan | Total | 6694420
decoder.vxlan | Total | 6694332
decoder.avg_pkt_size | Total | 1025
decoder.max_pkt_size | Total | 9015
flow.tcp | Total | 403424
flow.udp | Total | 49909
flow.icmpv4 | Total | 27
tcp.sessions | Total | 237343
tcp.syn | Total | 237457
tcp.synack | Total | 237426
tcp.rst | Total | 109901
tcp.reassembly_gap | Total | 24933
tcp.overlap | Total | 1612937
app_layer.flow.http | Total | 154203
app_layer.tx.http | Total | 181085
app_layer.flow.failed_tcp | Total | 58304
app_layer.flow.dns_udp | Total | 1
app_layer.tx.dns_udp | Total | 2
app_layer.flow.failed_udp | Total | 49908
flow_mgr.closed_pruned | Total | 226320
flow_mgr.new_pruned | Total | 215436
flow_mgr.est_pruned | Total | 25
flow.spare | Total | 1053947
flow.tcp_reuse | Total | 10
flow_mgr.flows_checked | Total | 13201
flow_mgr.flows_notimeout | Total | 1373
flow_mgr.flows_timeout | Total | 11828
flow_mgr.flows_timeout_inuse | Total | 3451
flow_mgr.flows_removed | Total | 8377
flow_mgr.rows_checked | Total | 1048576
flow_mgr.rows_skipped | Total | 1030263
flow_mgr.rows_empty | Total | 5242
flow_mgr.rows_maxlen | Total | 2
tcp.memuse | Total | 20643840
tcp.reassembly_memuse | Total | 324192856
http.memuse | Total | 194409899
flow.memuse | Total | 415443880
kernel drops
------------------------------------------------------------------------------------
Date: 10/29/2019 -- 03:07:30 (uptime: 0d, 00h 02m 23s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
capture.kernel_packets | Total | 13429680
capture.kernel_drops | Total | 6429177
decoder.pkts | Total | 13598613
decoder.bytes | Total | 13832953635
decoder.ipv4 | Total | 27197129
decoder.ethernet | Total | 13598613
decoder.tcp | Total | 13192478
decoder.udp | Total | 13602126
decoder.icmpv4 | Total | 218
decoder.vlan | Total | 13598613
decoder.vxlan | Total | 13598519
decoder.avg_pkt_size | Total | 1017
decoder.max_pkt_size | Total | 9015
flow.tcp | Total | 823605
flow.udp | Total | 112050
flow.icmpv4 | Total | 59
tcp.sessions | Total | 489887
tcp.syn | Total | 490059
tcp.synack | Total | 490027
tcp.rst | Total | 233928
tcp.reassembly_gap | Total | 50030
tcp.overlap | Total | 3340027
detect.alert | Total | 1
app_layer.flow.http | Total | 314483
app_layer.tx.http | Total | 370209
app_layer.flow.failed_tcp | Total | 124134
app_layer.flow.dns_udp | Total | 2
app_layer.tx.dns_udp | Total | 4
app_layer.flow.failed_udp | Total | 112048
flow_mgr.closed_pruned | Total | 467779
flow_mgr.new_pruned | Total | 444549
flow_mgr.est_pruned | Total | 15148
flow.spare | Total | 1057524
flow.tcp_reuse | Total | 17
flow_mgr.flows_checked | Total | 11596
flow_mgr.flows_timeout | Total | 11596
flow_mgr.flows_timeout_inuse | Total | 2834
flow_mgr.flows_removed | Total | 8762
flow_mgr.rows_checked | Total | 1048576
flow_mgr.rows_skipped | Total | 1030570
flow_mgr.rows_empty | Total | 6470
flow_mgr.rows_maxlen | Total | 2
tcp.memuse | Total | 20643840
tcp.reassembly_memuse | Total | 81676632
http.memuse | Total | 87018090
flow.memuse | Total | 417751032
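The two stats.log dumps above can be compared per interval rather than by eye. The following is an added example, not part of the original report or of Suricata's code: it parses the stats.log layout shown above and computes each counter's change between dumps plus the kernel drop percentage for that interval. It assumes that a counter absent from a dump is still zero, that capture.kernel_packets includes dropped packets, and that a `_delta` counter is the difference between consecutive stats dumps.

```python
import re

# Subset of the two dumps quoted above; values copied from the page,
# separator lines left out to keep the sample short.
STATS_LOG = """\
Date: 10/29/2019 -- 03:06:30 (uptime: 0d, 00h 01m 23s)
Counter | TM Name | Value
capture.kernel_packets | Total | 6542206
flow_mgr.new_pruned | Total | 215436
flow_mgr.est_pruned | Total | 25
Date: 10/29/2019 -- 03:07:30 (uptime: 0d, 00h 02m 23s)
Counter | TM Name | Value
capture.kernel_packets | Total | 13429680
capture.kernel_drops | Total | 6429177
flow_mgr.new_pruned | Total | 444549
flow_mgr.est_pruned | Total | 15148
"""

DATE_RE = re.compile(r"^Date:\s+(\S+ -- \S+)")
ROW_RE = re.compile(r"^([\w.]+)\s*\|\s*Total\s*\|\s*(\d+)\s*$")

def parse_snapshots(text):
    """Return [(timestamp, {counter: value})], one entry per stats dump."""
    snaps = []
    for line in text.splitlines():
        m = DATE_RE.match(line)
        if m:
            snaps.append((m.group(1), {}))
            continue
        m = ROW_RE.match(line)
        if m and snaps:
            snaps[-1][1][m.group(1)] = int(m.group(2))
    return snaps

def interval_report(prev, cur):
    """Per-interval counter deltas plus the kernel drop percentage."""
    # Assumption: a counter missing from a dump has not been incremented yet.
    deltas = {k: cur.get(k, 0) - prev.get(k, 0) for k in set(prev) | set(cur)}
    pkts = deltas.get("capture.kernel_packets", 0)
    drops = deltas.get("capture.kernel_drops", 0)
    # Assumption: kernel_packets counts dropped packets as well.
    deltas["drop_pct"] = round(100.0 * drops / pkts, 1) if pkts else 0.0
    return deltas

if __name__ == "__main__":
    (_, before), (_, after) = parse_snapshots(STATS_LOG)
    for name, value in sorted(interval_report(before, after).items()):
        print(f"{name:32} {value}")
```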