Project

General

Profile

Actions

Feature #845

open

Memory consumption in stats.log

Added by Peter Manev over 11 years ago. Updated about 2 months ago.

Status:
In Review
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

It will be very helpful if some more stats can be added in the stats.log

May be at the bottom of each update/run - how much memory (in MB if possible) is Suricata using for flow, stream, reassembly and fragmentation.
Or in other words - mirror of the yaml settings for flow, stream, reassembly and fragmentation, but from actual physical memory consumption point of view.

Thank you

Actions #1

Updated by Victor Julien about 11 years ago

  • Target version set to TBD
Actions #2

Updated by Andreas Herz almost 9 years ago

  • Assignee set to OISF Dev
Actions #3

Updated by Andreas Herz over 5 years ago

This would be really helpful but would it also increase the load to calculate it each time?

Actions #4

Updated by Peter Manev over 5 years ago

Most of these mem stats are already in :

tcp.memuse                                    | Total                     | 2240000000
tcp.reassembly_memuse                         | Total                     | 384780288
http.memuse                                   | Total                     | 260882
ftp.memuse                                    | Total                     | 696
flow.memuse                                   | Total                     | 7612575672
Actions #5

Updated by Andreas Herz over 5 years ago

So we have still missing:

- dns
- defrag
- host table
- ippair

stream is covered by the tcp ones.
At least this is the list I could come up with based on possible memory settings in the suricata.yaml.

Do you see any others?

Actions #6

Updated by Peter Manev over 5 years ago

For some of those we have memcaps counters(dns for example) so it still helps a bit. Don't see any others for now.

Actions #7

Updated by Philippe Antoine over 1 year ago

  • Target version changed from TBD to 8.0.0-beta1

Looking for memcap in suricata .yaml.in

We have
- ftp : in stats
- http : in stats
- http.byterange : TODO also to put in MemcapCommand in unix socket
- datasets : TODO
- defrag : TODO (only stats, already for socket)
- flow : ok
- stream : ok
- reassembly : TODO (only stats, already for socket)
- host : TODO (only stats, already for socket)
- ippair : TODO (only stats, already for socket)

Actions #8

Updated by Jeff Lucovsky 2 months ago

  • Status changed from New to In Progress
  • Assignee changed from OISF Dev to Jeff Lucovsky
Actions #9

Updated by Jeff Lucovsky 2 months ago ยท Edited

I've completed the changes to add memcap/memuse/stats per the following. The dataset manipulations are more complicated and warrant a separate ticket because of the UI impact (dataset names are dynamic and the current socket mode handler requires work to accommodate).

value stats socket
ftp y y
http y y
http.byterange y y
datasets n n
defrag y y
flow y y
stream y y
reassembly y y
host y y
ippair y y
thresholds n n
Actions #10

Updated by Jeff Lucovsky about 2 months ago

  • Status changed from In Progress to In Review
Actions

Also available in: Atom PDF