Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Running Suricata causes swap_pager_getswapspace failed

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 4 Posters 559 Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      eva
      last edited by

      43918b30-d686-486b-8791-808889411c57-image.png
      swap_pager_getswapspace(32): failed

      e53a90a4-6a7c-425b-bf28-fd0ef16f58f2-image.png
      top -aSH

      The swap space is 99% in use. what should I do to resolve the swap_pager_getswapspace error?

      S 1 Reply Last reply Reply Quote 0
      • S Offline
        SteveITS Rebel Alliance @eva
        last edited by

        @eva You might read through https://forum.netgate.com/topic/175527/snort-swap_pager_getswapspace-13-failed, it's probably the same ideas.

        Since you've cut off the process list what are the 3 processes using all that CPU and RAM? By any chance is it logging? If you have slower CPU or storage, or are using ZFS, turn off log compression.

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • stephenw10S Online
          stephenw10 Netgate Administrator
          last edited by

          Looks like you have used all the RAM and then all the SWAP. On a system with 2GB RAM you need to configure Suricata carefully to avoid that. You can't just enable every ruleset and every rule in that.
          As a general rule pfSense should not use SWAP at all. If it is you probably have something misconfigured. Performance will drop significantly as when SWAP is in use.

          Steve

          1 Reply Last reply Reply Quote 1
          • bmeeksB Offline
            bmeeks
            last edited by bmeeks

            Agree with what others have already posted: you need to either significantly trim the rules you have enabled in Suricata or else bump up the RAM in the machine to at least 4 GB - and 8 GB is even better. But even with 4 GB of RAM, you will still want to carefully select the Suricata rules you enable.

            And as mentioned, once your box starts using swap space, performance goes quickly into the toilet.

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.