Feature #845
closedstats: track memory consumption
Description
It will be very helpful if some more stats can be added in the stats.log
May be at the bottom of each update/run - how much memory (in MB if possible) is Suricata using for flow, stream, reassembly and fragmentation.
Or in other words - mirror of the yaml settings for flow, stream, reassembly and fragmentation, but from actual physical memory consumption point of view.
Thank you
VJ Updated by Victor Julien over 12 years ago
- Target version set to TBD
AH Updated by Andreas Herz over 10 years ago
- Assignee set to OISF Dev
AH Updated by Andreas Herz almost 7 years ago
This would be really helpful but would it also increase the load to calculate it each time?
PM Updated by Peter Manev almost 7 years ago
Most of these mem stats are already in :
tcp.memuse | Total | 2240000000 tcp.reassembly_memuse | Total | 384780288 http.memuse | Total | 260882 ftp.memuse | Total | 696 flow.memuse | Total | 7612575672
AH Updated by Andreas Herz almost 7 years ago
So we have still missing:
- dns
- defrag
- host table
- ippair
stream is covered by the tcp ones.
At least this is the list I could come up with based on possible memory settings in the suricata.yaml.
Do you see any others?
PM Updated by Peter Manev almost 7 years ago
For some of those we have memcaps counters(dns for example) so it still helps a bit. Don't see any others for now.
PA Updated by Philippe Antoine over 2 years ago
- Target version changed from TBD to 8.0.0-beta1
Looking for memcap in suricata .yaml.in
We have
- ftp : in stats
- http : in stats
- http.byterange : TODO also to put in MemcapCommand in unix socket
- datasets : TODO
- defrag : TODO (only stats, already for socket)
- flow : ok
- stream : ok
- reassembly : TODO (only stats, already for socket)
- host : TODO (only stats, already for socket)
- ippair : TODO (only stats, already for socket)
JL Updated by Jeff Lucovsky over 1 year ago
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Jeff Lucovsky
JL Updated by Jeff Lucovsky over 1 year ago ยท Edited
I've completed the changes to add memcap/memuse/stats per the following. The dataset manipulations are more complicated and warrant a separate ticket because of the UI impact (dataset names are dynamic and the current socket mode handler requires work to accommodate).
| value | stats | socket |
|---|---|---|
| ftp | y | y |
| http | y | y |
| http.byterange | y | y |
| datasets | n | n |
| defrag | y | y |
| flow | y | y |
| stream | y | y |
| reassembly | y | y |
| host | y | y |
| ippair | y | y |
| thresholds | n | n |
JL Updated by Jeff Lucovsky over 1 year ago
- Status changed from In Progress to In Review
VJ Updated by Victor Julien about 1 year ago
@Jeff Lucovsky your PR was merged, does it satisfy this ticket?
JL Updated by Jeff Lucovsky about 1 year ago
@Peter Manev Does the PR meet the requirements?
PM Updated by Peter Manev about 1 year ago
@Jeff Lucovsky - all good, yes thank you!
PM Updated by Peter Manev about 1 year ago
- Status changed from In Review to Closed
VJ Updated by Victor Julien about 1 year ago
- Subject changed from Memory consumption in stats.log to stats: track memory consumption