Bug #2791
closed
OOM errors on low end devices
Added by Shivani Bhardwaj almost 6 years ago.
Updated almost 6 years ago.
Description
As per a recent discussion on the mailing list, suricata-update takes up too much memory to run and causes OOM errors on low end devices like RPi.
- Status changed from New to Assigned
Perhaps there are multiple issues. The 'test' step where Suricata itself validates the new rules spins up a new Suricata next to a running one. This will lead to duplicate mem use for Suricata itself. This would not be suricata-update's fault of course.
- Status changed from Assigned to Closed
- Target version changed from TBD to 1.0.4
I think not only the rule testing is the problem here. Our suricata-update instance that runs on a seperate rulehost-server with 2GB RAM gets killed while running suricata-update, because lack of available memory.
This happens during the following line:
7/3/2019 -- 10:01:35 - <Info> -- Backing up current rules.
I think the diff function between the current rule file and the new one consumes to much memory and leads to the killing of the process.
One of the things that can make a difference is making sure that you use python3 instead of python2.
Also available in: Atom
PDF