Bug #715
Updated by Victor Julien over 11 years ago
With -- This is Suricata version 1.4dev (rev 5f4c528)

when packet_stats.csv is enabled in suricata.yaml - it appears to work:

<pre>
root@suricata:/var/data/regit/log/suricata# ls -lh
-rw-r----- 1 root root 146M Jan 12 17:00 fast.log
drwxr-xr-x 2 root root 6 Aug 26 20:17 files
-rw-r----- 1 root root 51M Jan 12 16:53 files-json.log
-rw-r----- 1 root root 111M Jan 12 16:53 http.log
-rw-r--r-- 1 root root 129M Jan 12 17:00 packet_stats.csv
root@suricata:/var/data/regit/log/suricata# ls -lh
-rw-r----- 1 root root 146M Jan 12 17:00 fast.log
drwxr-xr-x 2 root root 6 Aug 26 20:17 files
-rw-r----- 1 root root 51M Jan 12 16:53 files-json.log
-rw-r----- 1 root root 111M Jan 12 16:53 http.log
-rw-r--r-- 1 root root 183M Jan 12 17:00 packet_stats.csv
root@suricata:/var/data/regit/log/suricata# ls -lh
-rw-r----- 1 root root 146M Jan 12 17:00 fast.log
drwxr-xr-x 2 root root 6 Aug 26 20:17 files
-rw-r----- 1 root root 51M Jan 12 16:53 files-json.log
-rw-r----- 1 root root 111M Jan 12 16:53 http.log
-rw-r--r-- 1 root root 237M Jan 12 17:00 packet_stats.csv
root@suricata:/var/data/regit/log/suricata#
</pre>

However - when that is enabled the CPUs (16 count) are 30% busy. If packet_stats.csv output is not enabled - the CPUs are back to normal 90% usage.

It is understandable that there is a (higher) performance impact when packet_stats.csv is enabled (and --enable-profiling configured) but the impact seems a bit odd in this case - lower actually.