I saw a documentation how to run suricata with tcmalloc here:
https://suricata.readthedocs.io/en/suricata-6.0.0/performance/tcmalloc.html
It doesn’t mention how to install this on Debian, but here how I did this:
apt-get install libtcmalloc-minimal4
and the file is located at /usr/lib/x86_64-linux-gnu/libtcmalloc_minimal.so.4
and in the suricata service I include above like this:
echo "[Unit]"
echo "Description=Suricata IDS/IDP Service"
echo "Wants=network.target syslog.target"
echo "After=network.target syslog.target"
echo "Documentation=man:suricata(8) man:suricatasc(8)"
echo "Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki"
echo ""
echo "[Service]"
echo "Type=forking"
echo "Environment=LD_PREDLOAD=/usr/lib/x86_64-linux-gnu/libtcmalloc_minimal.so.4"
echo "# Debug level ---> -v: INFO | -vv: INFO+PERF | -vvv: INFO+PERF+CONFIG | -vvvv: INFO+PERF+CONFIG+DEBUG"
echo "# D - means in daemon | -c read config | --pidfile <file> write pidfile on a file"
echo "ExecStart=suricata --af-packet -vvv -D -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid"
echo "ExecStartPre=rm -f /var/run/suricata.pid"
echo "ExecStop=kill \$MAINPID && rm -f /var/run/suricata.pid"
echo "ExecReload=kill -9 \$MAINPID"
echo ""
echo "[Install]"
echo "WantedBy=multi-user.target"
Is it correct? How do I verify suricata use tcmalloc when running ?