[resolved] suricata inline - cpu idle at 80/85 %
-
Hello,
Yesterday I configured Suricata on my pfSense box. pfSense is running on an ESXi host, 8 cores assigned (AMD Ryzen 2700X, 24 GB, with an Intel i350t2v2 NIC in passthrough to the pf VM). After enabling and configuring Suricata, the CPU spikes and is idling at 80/85%.
I do have a few rule sets enabled running 1 interface (I'm not sure if this is "a lot" since I have used more in the past with no problems):
emerging-attack_response.rules,
emerging-ciarmy.rules,
emerging-compromised.rules,
emerging-current_events.rules,
emerging-dns.rules,
emerging-drop.rules,
emerging-dshield.rules,
emerging-exploit.rules,
emerging-icmp.rules,
emerging-icmp_info.rules,
emerging-info.rules,
emerging-malware.rules,
emerging-mobile_malware.rules,
emerging-policy.rules,
emerging-scan.rules,
emerging-shellcode.rules,
emerging-telnet.rules,
emerging-tor.rules,
emerging-trojan.rules,
emerging-worm.rules

I would start looking to resolve this, but I don't know where to start (I don't have much experience with FreeBSD cmdline)... does someone have any ideas?
thanks
-
Uninstalled Suricata and installed Snort, seems to be working.