Optimization #4234: Filemagic logging puts big pressure on performance - Suricata - Open Information Security Foundation

Actions

Copy link

Optimization #4234

open

PM PM

Filemagic logging puts big pressure on performance

Optimization #4234: Filemagic logging puts big pressure on performance

Added by Peter Manev over 5 years ago. Updated almost 2 years ago.

Status:

Feedback

Priority:

Normal

Assignee:

Peter Manev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

I have observed this with basically any of the 2 major stable versions plus latest git master.
This is not reproducible as a pcap or copy paste config example but rather in the following manner:

When filemagic (as part of fileinfo logs) is enabled on a busy system that has been tuned and the CPUs are not pegged, running with no drops - that immediately results in drops.
It is not necessarily that the CPUs or perf top will expose the problem in terms of busy function.

A way to observe this is with Trex or pktgen setup for example.
I can share examples.

Similar issue is observed when enabling checksums in fileinfo.

Related issues 1 (1 open — 0 closed)

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
#1

Is this still relevant? If so, can you provide more info on the test?

VJ Updated by Victor Julien about 3 years ago Actions
Copy link
#2

Related to Feature #5894: file: file classification keyword added

PA Updated by Philippe Antoine almost 3 years ago Actions
Copy link
#3

Assignee set to Peter Manev

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
#4

Status changed from New to Feedback
Target version set to TBD

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries