Replies: 2 comments 2 replies
-
|
We're unable to duplicate this behavior using our automated tests or manual testing. If you would like us to investigate further, then you can submit complete reproduction steps on a new installation of the latest version with screenshots showing the issue. You specify above that your version is 2.4.60. That version is over a year old and needs to be updated anyway: The current version is 2.4.160: Another option is to purchase support and have an engineer investigate your current installation. |
Beta Was this translation helpful? Give feedback.
-
|
I apologize, that should have been 2.4.160. After tweaking some Suricata PCAP settings, my RAM usage is back to a more reasonable level. compression: none Maybe not efficient in the storage department, but appears to be the only thing that worked for me. |
Beta Was this translation helpful? Give feedback.
-
|
What were those settings before? |
Beta Was this translation helpful? Give feedback.
-
|
They were set to the defaults. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.60
Installation Method
Security Onion ISO image
Description
other (please provide detail below)
Installation Type
Standalone
Location
on-prem with Internet access
Hardware Specs
Exceeds minimum requirements
CPU
28
RAM
192GB
Storage for /
315GB
Storage for /nsm
10TB
Network Traffic Collection
span port
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
After retrieving PCAP from a network session (even a small PCAP), sensoroni begins to utilize extremely high amounts of RAM (up to 96% of my 192GB) and the swap space fills up. Only fix is to restart sensoroni. This is a very small network and I'm only using around 20% of my nsm.
Any ideas?
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions