Performance issues after enabling file restore

When I enable file restore in the configuration file, my Suricata has performance issues after running for a while: not enough memory and too much CPU load. How can I optimize it?

Network traffic: 1.2Gbps (99% of it is http data)

Ubuntu 18.04
Suricata: 6.0.1
AWS: c5n.9xlarge
vCPU: 36
mem: 96G

perf top -p {pid}

There have been some important fixes to file inspection in 6.0.2. Could you try that and see if it changes anything?

OK, I will try to upgrade to 6.0.2 today. I will give feedback later.

Thank you for the suggestion. After 2 days of testing with Suricata v6.0.2, CPU utilization is 50% lower than before the upgrade and there is no memory overflow.
