Project

General

Profile

Actions

Bug #768

closed

detect-engine custom profiling - high traffic

Added by Peter Manev about 11 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,

In yaml - custom profiling section:

detect-engine:

  - profile: medium

  - custom-values:

      toclient-src-groups: 2

      toclient-dst-groups: 2

      toclient-sp-groups: 2

      toclient-dp-groups: 3

      toserver-src-groups: 2

      toserver-dst-groups: 4

      toserver-sp-groups: 2

      toserver-dp-groups: 25

  - sgh-mpm-context: auto

  - inspection-recursion-limit: 3000

a change from medium to high - initiates a stop/crash cause we run out of memory (32G RAM) on 6K rules.
a change from medium to custom (with custom having variables (20,200) much bigger than "high") - no difference in mem consumption.. the same as in medium.
This is reproducible only on a high traffic monitoring interface.

I can share privately the yaml and more info.

Actions #1

Updated by Victor Julien over 10 years ago

  • Target version set to TBD
Actions #2

Updated by Andreas Herz over 7 years ago

  • Status changed from New to Closed
Actions #3

Updated by Andreas Herz over 7 years ago

  • Target version deleted (TBD)

not reproduced anymore

Actions

Also available in: Atom PDF