I integrated Suricata 6.0.9 into a constrained device (8GB memory, Intel Celeron CPU N2930). Suricata is running in af-packet mode in a container with 2 CPU cores and a 2GB memory limitation. After 60000+ signatures are loaded, the basic memory reaches 1.5GB. When some attack traffic keeps being played, the memory continuously grows to a maximum of 2.5GB, then remains stable.
I also tried not loading any signatures; an extra 1GB of memory was still consumed when being attacked.
Why does this happen? Are there any settings in suricata.yaml that can effectively impact the memory size?
Here is the config file we are using: suricata.yaml (75.3 KB)