Actions
Bug #768
closeddetect-engine custom profiling - high traffic
Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:
Description
Hi,
In yaml - custom profiling section:
detect-engine: - profile: medium - custom-values: toclient-src-groups: 2 toclient-dst-groups: 2 toclient-sp-groups: 2 toclient-dp-groups: 3 toserver-src-groups: 2 toserver-dst-groups: 4 toserver-sp-groups: 2 toserver-dp-groups: 25 - sgh-mpm-context: auto - inspection-recursion-limit: 3000
a change from medium to high - initiates a stop/crash cause we run out of memory (32G RAM) on 6K rules.
a change from medium to custom (with custom having variables (20,200) much bigger than "high") - no difference in mem consumption.. the same as in medium.
This is reproducible only on a high traffic monitoring interface.
I can share privately the yaml and more info.
Actions