Feature #845
closedstats: track memory consumption
Added by Peter Manev almost 13 years ago. Updated about 1 year ago.
Description
It will be very helpful if some more stats can be added in the stats.log
May be at the bottom of each update/run - how much memory (in MB if possible) is Suricata using for flow, stream, reassembly and fragmentation.
Or in other words - mirror of the yaml settings for flow, stream, reassembly and fragmentation, but from actual physical memory consumption point of view.
Thank you
VJ Updated by Victor Julien over 12 years ago Actions #1
- Target version set to TBD
AH Updated by Andreas Herz over 10 years ago Actions #2
- Assignee set to OISF Dev
AH Updated by Andreas Herz almost 7 years ago Actions #3
This would be really helpful but would it also increase the load to calculate it each time?
PM Updated by Peter Manev almost 7 years ago Actions #4
Most of these mem stats are already in :
tcp.memuse | Total | 2240000000 tcp.reassembly_memuse | Total | 384780288 http.memuse | Total | 260882 ftp.memuse | Total | 696 flow.memuse | Total | 7612575672
AH Updated by Andreas Herz almost 7 years ago Actions #5
So we have still missing:
- dns
- defrag
- host table
- ippair
stream is covered by the tcp ones.
At least this is the list I could come up with based on possible memory settings in the suricata.yaml.
Do you see any others?
PM Updated by Peter Manev almost 7 years ago Actions #6
For some of those we have memcaps counters(dns for example) so it still helps a bit. Don't see any others for now.
PA Updated by Philippe Antoine almost 3 years ago Actions #7
- Target version changed from TBD to 8.0.0-beta1
Looking for memcap in suricata .yaml.in
We have
- ftp : in stats
- http : in stats
- http.byterange : TODO also to put in MemcapCommand in unix socket
- datasets : TODO
- defrag : TODO (only stats, already for socket)
- flow : ok
- stream : ok
- reassembly : TODO (only stats, already for socket)
- host : TODO (only stats, already for socket)
- ippair : TODO (only stats, already for socket)
JL Updated by Jeff Lucovsky over 1 year ago Actions #8
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Jeff Lucovsky
JL Updated by Jeff Lucovsky over 1 year ago ยท Edited Actions #9
I've completed the changes to add memcap/memuse/stats per the following. The dataset manipulations are more complicated and warrant a separate ticket because of the UI impact (dataset names are dynamic and the current socket mode handler requires work to accommodate).
| value | stats | socket |
|---|---|---|
| ftp | y | y |
| http | y | y |
| http.byterange | y | y |
| datasets | n | n |
| defrag | y | y |
| flow | y | y |
| stream | y | y |
| reassembly | y | y |
| host | y | y |
| ippair | y | y |
| thresholds | n | n |
JL Updated by Jeff Lucovsky over 1 year ago Actions #10
- Status changed from In Progress to In Review
VJ Updated by Victor Julien about 1 year ago Actions #11
@Jeff Lucovsky your PR was merged, does it satisfy this ticket?
JL Updated by Jeff Lucovsky about 1 year ago Actions #12
@Peter Manev Does the PR meet the requirements?
PM Updated by Peter Manev about 1 year ago Actions #13
@Jeff Lucovsky - all good, yes thank you!
PM Updated by Peter Manev about 1 year ago Actions #14
- Status changed from In Review to Closed
VJ Updated by Victor Julien about 1 year ago Actions #15
- Subject changed from Memory consumption in stats.log to stats: track memory consumption