[resolved] Suricata inline - CPU idle at 80/85%



  • Hello,

    Yesterday I configured Suricata on my pfSense box. pfSense is running on an ESXi host with 8 cores assigned (AMD Ryzen 2700X, 24 GB, with an Intel i350t2v2 NIC in passthrough to the pf VM). After enabling and configuring Suricata, the CPU spikes and is idling at 80/85%.

    I do have a few rule sets enabled, running on 1 interface (I'm not sure if this is "a lot", since I have used more in the past with no problems):

    emerging-attack_response.rules,
    emerging-ciarmy.rules,
    emerging-compromised.rules,
    emerging-current_events.rules,
    emerging-dns.rules,
    emerging-drop.rules,
    emerging-dshield.rules,
    emerging-exploit.rules,
    emerging-icmp.rules,
    emerging-icmp_info.rules,
    emerging-info.rules,
    emerging-malware.rules,
    emerging-mobile_malware.rules,
    emerging-policy.rules,
    emerging-scan.rules,
    emerging-shellcode.rules,
    emerging-telnet.rules,
    emerging-tor.rules,
    emerging-trojan.rules,
    emerging-worm.rules

    I would start looking to resolve this, but I don't know where to start (I don't have much experience with the FreeBSD cmdline)... Does anyone have any ideas?

    Thanks



  • Uninstalled Suricata and installed Snort; seems to be working.

