Feature #845
open
Memory consumption in stats.log
Added by Peter Manev over 11 years ago.
Updated 4 days ago.
Description
It will be very helpful if some more stats can be added in the stats.log
May be at the bottom of each update/run - how much memory (in MB if possible) is Suricata using for flow, stream, reassembly and fragmentation.
Or in other words - mirror of the yaml settings for flow, stream, reassembly and fragmentation, but from actual physical memory consumption point of view.
Thank you
- Target version set to TBD
This would be really helpful but would it also increase the load to calculate it each time?
Most of these mem stats are already in :
tcp.memuse | Total | 2240000000
tcp.reassembly_memuse | Total | 384780288
http.memuse | Total | 260882
ftp.memuse | Total | 696
flow.memuse | Total | 7612575672
So we have still missing:
- dns
- defrag
- host table
- ippair
stream is covered by the tcp ones.
At least this is the list I could come up with based on possible memory settings in the suricata.yaml.
Do you see any others?
For some of those we have memcaps counters(dns for example) so it still helps a bit. Don't see any others for now.
- Target version changed from TBD to 8.0.0-beta1
Looking for memcap in suricata .yaml.in
We have
- ftp : in stats
- http : in stats
- http.byterange : TODO also to put in MemcapCommand in unix socket
- datasets : TODO
- defrag : TODO (only stats, already for socket)
- flow : ok
- stream : ok
- reassembly : TODO (only stats, already for socket)
- host : TODO (only stats, already for socket)
- ippair : TODO (only stats, already for socket)
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Jeff Lucovsky
I've completed the changes to add memcap/memuse/stats per the following. The dataset manipulations are more complicated and warrant a separate ticket because of the UI impact (dataset names are dynamic and the current socket mode handler requires work to accommodate).
| value |
stats |
socket |
| ftp |
y |
y |
| http |
y |
y |
| http.byterange |
y |
y |
| datasets |
n |
n |
| defrag |
y |
y |
| flow |
y |
y |
| stream |
y |
y |
| reassembly |
y |
y |
| host |
y |
y |
| ippair |
y |
y |
| thresholds |
n |
n |
- Status changed from In Progress to In Review
Also available in: Atom
PDF