Project

General

Profile

Actions

Optimization #4234

open

Filemagic logging puts big pressure on performance

Added by Peter Manev about 4 years ago. Updated 6 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

I have observed this with basically any of the 2 major stable versions plus latest git master.
This is not reproducible as a pcap or copy paste config example but rather in the following manner:

When filemagic (as part of fileinfo logs) is enabled on a busy system that has been tuned and the CPUs are not pegged, running with no drops - that immediately results in drops.
It is not necessarily that the CPUs or perf top will expose the problem in terms of busy function.

A way to observe this is with Trex or pktgen setup for example.
I can share examples.

Similar issue is observed when enabling checksums in fileinfo.


Related issues 1 (1 open0 closed)

Related to Suricata - Feature #5894: file: file classification keywordFeedbackVictor JulienActions
Actions

Also available in: Atom PDF