Suricata and ntopng memory consumption

Support
,
1

NethServer Version: 7.5.1804 (final)
Module: [Intrusion Prevention System] | [Bandwidth monitor]

According to @giacomo in here a NS7 Gateway for a small enterprise (less than 100 user) can work with 2GB of RAM. Mine has 4GB, so I started to find out which serviced are consuming RAM, I found that this 3 programs are consuming quite an amount of RAM.

clamd           | RSIZE = 657.9M | MEM = 26%
Suricata-Main   | RSIZE = 372.8M | MEM = 15%
ntopng          | RSIZE = 217.1M | MEM = 9%

I’m aware that clamd can demand approximately 500MB, however I’ve read that suricata can be set it to demand CPU instead of RAM, I’m still trying to figure it out how can I acomplish it since my average load is 0.44. Also ntopng according to this guide by using this two parameters -x/-X to avoid wasting memory.

2

Hi Juan,

Interesting, working on arm always looking for opportunities to get the recourse demand down. :grinning:

Do you have some leads (links) to follow ?
Thanx in advance!

3

I would be also interested into it, when running suricata on small servers.

If you really are low on RAM, start with turning off clamd for web surfing

4

Sorry for post delaying
Here are some details about configuration, should I find anything else I will put it here.

https://suricata.readthedocs.io/en/suricata-4.0.5/performance/high-performance-config.html
https://suricata.readthedocs.io/en/suricata-4.0.5/performance/tuning-considerations.html

1 Like