Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Running Suricata causes swap_pager_getswapspace failed

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 4 Posters 547 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eva
      last edited by

      43918b30-d686-486b-8791-808889411c57-image.png
      swap_pager_getswapspace(32): failed

      e53a90a4-6a7c-425b-bf28-fd0ef16f58f2-image.png
      top -aSH

      The swap space is 99% in use. what should I do to resolve the swap_pager_getswapspace error?

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @eva
        last edited by

        @eva You might read through https://forum.netgate.com/topic/175527/snort-swap_pager_getswapspace-13-failed, it's probably the same ideas.

        Since you've cut off the process list what are the 3 processes using all that CPU and RAM? By any chance is it logging? If you have slower CPU or storage, or are using ZFS, turn off log compression.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Looks like you have used all the RAM and then all the SWAP. On a system with 2GB RAM you need to configure Suricata carefully to avoid that. You can't just enable every ruleset and every rule in that.
          As a general rule pfSense should not use SWAP at all. If it is you probably have something misconfigured. Performance will drop significantly as when SWAP is in use.

          Steve

          1 Reply Last reply Reply Quote 1
          • bmeeksB
            bmeeks
            last edited by bmeeks

            Agree with what others have already posted: you need to either significantly trim the rules you have enabled in Suricata or else bump up the RAM in the machine to at least 4 GB - and 8 GB is even better. But even with 4 GB of RAM, you will still want to carefully select the Suricata rules you enable.

            And as mentioned, once your box starts using swap space, performance goes quickly into the toilet.

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.