Bug #7457
closed
snort use too much resource
Description
First of all, as the official wiki says, pfSense removed the layer 7 packet filter feature after version 2.3 because of its poor performance.
For some layer 7 detection, it recommends using Snort. However, after trying it, I found that once the Snort service started, the CPU usage jumped from 1% to 50%,
and memory used jumped from 60M to 500M, while there was nearly no traffic at that time. It's a little surprising. I think the Snort layer 7 detection is also broken, or there is something wrong with the kernel; it may need a fix rather than being removed directly, but I'm not so sure.
This is my CPU model:
Intel(R) Celeron(R) CPU G1840 @ 2.80GHz
2 CPUs: 1 package(s) x 2 core(s)
Updated by Kill Bill over 7 years ago
This is a bug tracker; please use https://forum.pfsense.org/index.php?board=61.0 for performance tuning tips. The memory usage is dictated by the active ruleset; if your HW doesn't handle it, you'll need to reduce the categories used. There's nothing pfSense could do here; it's using the package as written by upstream, and any improvements would need to be done there -- and yes, IPS/IDS needs powerful enough HW.
Updated by Jim Pingle over 7 years ago
- Status changed from New to Rejected
Please post on the forum to discuss and confirm problems before opening issues here on Redmine. This is not a bug.