Feature #845
closedstats: track memory consumption
Added by Peter Manev over 12 years ago. Updated 11 months ago.
Description
It will be very helpful if some more stats can be added in the stats.log
May be at the bottom of each update/run - how much memory (in MB if possible) is Suricata using for flow, stream, reassembly and fragmentation.
Or in other words - mirror of the yaml settings for flow, stream, reassembly and fragmentation, but from actual physical memory consumption point of view.
Thank you
Updated by Andreas Herz almost 7 years ago
This would be really helpful but would it also increase the load to calculate it each time?
Updated by Peter Manev almost 7 years ago
Most of these mem stats are already in :
tcp.memuse | Total | 2240000000 tcp.reassembly_memuse | Total | 384780288 http.memuse | Total | 260882 ftp.memuse | Total | 696 flow.memuse | Total | 7612575672
Updated by Andreas Herz almost 7 years ago
So we have still missing:
- dns
- defrag
- host table
- ippair
stream is covered by the tcp ones.
At least this is the list I could come up with based on possible memory settings in the suricata.yaml.
Do you see any others?
Updated by Peter Manev almost 7 years ago
For some of those we have memcaps counters(dns for example) so it still helps a bit. Don't see any others for now.
Updated by Philippe Antoine over 2 years ago
- Target version changed from TBD to 8.0.0-beta1
Looking for memcap in suricata .yaml.in
We have
- ftp : in stats
- http : in stats
- http.byterange : TODO also to put in MemcapCommand in unix socket
- datasets : TODO
- defrag : TODO (only stats, already for socket)
- flow : ok
- stream : ok
- reassembly : TODO (only stats, already for socket)
- host : TODO (only stats, already for socket)
- ippair : TODO (only stats, already for socket)
Updated by Jeff Lucovsky over 1 year ago
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Jeff Lucovsky
Updated by Jeff Lucovsky over 1 year ago ยท Edited
I've completed the changes to add memcap/memuse/stats per the following. The dataset manipulations are more complicated and warrant a separate ticket because of the UI impact (dataset names are dynamic and the current socket mode handler requires work to accommodate).
| value | stats | socket |
|---|---|---|
| ftp | y | y |
| http | y | y |
| http.byterange | y | y |
| datasets | n | n |
| defrag | y | y |
| flow | y | y |
| stream | y | y |
| reassembly | y | y |
| host | y | y |
| ippair | y | y |
| thresholds | n | n |
Updated by Jeff Lucovsky over 1 year ago
- Status changed from In Progress to In Review
Updated by Victor Julien about 1 year ago
@Jeff Lucovsky your PR was merged, does it satisfy this ticket?
Updated by Jeff Lucovsky about 1 year ago
@Peter Manev Does the PR meet the requirements?
Updated by Victor Julien 11 months ago
- Subject changed from Memory consumption in stats.log to stats: track memory consumption