Netgate Discussion Forum

    [resolved] suricata inline - cpu idle at 80/85 %

    • Actionhenk

      Hello,

      Yesterday I configured Suricata on my pfSense box. pfSense is running on an ESXi host with 8 cores assigned (AMD Ryzen 2700X, 24 GB, with an Intel i350t2v2 NIC in passthrough to the pf VM). After enabling and configuring Suricata, the CPU spikes and is idling at 80/85%.

      I do have a few rule sets enabled, running on 1 interface (I'm not sure if this is "a lot", since I have used more in the past with no problems):

      emerging-attack_response.rules,
      emerging-ciarmy.rules,
      emerging-compromised.rules,
      emerging-current_events.rules,
      emerging-dns.rules,
      emerging-drop.rules,
      emerging-dshield.rules,
      emerging-exploit.rules,
      emerging-icmp.rules,
      emerging-icmp_info.rules,
      emerging-info.rules,
      emerging-malware.rules,
      emerging-mobile_malware.rules,
      emerging-policy.rules,
      emerging-scan.rules,
      emerging-shellcode.rules,
      emerging-telnet.rules,
      emerging-tor.rules,
      emerging-trojan.rules,
      emerging-worm.rules

      I would start looking to resolve this, but I don't know where to start (I don't have much experience with the FreeBSD command line)... does anyone have any ideas?

      thanks

      • Actionhenk

        Uninstalled Suricata and installed Snort; seems to be working.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.