Suricata and tcmalloc

I saw a documentation how to run suricata with tcmalloc here:

It doesn’t mention how to install this on Debian, but here how I did this:

apt-get install libtcmalloc-minimal4

and the file is located at /usr/lib/x86_64-linux-gnu/

and in the suricata service I include above like this:

  echo "[Unit]"
  echo "Description=Suricata IDS/IDP Service"
  echo ""
  echo ""
  echo "Documentation=man:suricata(8) man:suricatasc(8)"
  echo "Documentation="
  echo ""
  echo "[Service]"
  echo "Type=forking"
  echo "Environment=LD_PREDLOAD=/usr/lib/x86_64-linux-gnu/"
  echo "# Debug level ---> -v: INFO | -vv: INFO+PERF | -vvv: INFO+PERF+CONFIG | -vvvv: INFO+PERF+CONFIG+DEBUG"
  echo "# D - means in daemon | -c read config | --pidfile <file> write pidfile on a file"
  echo "ExecStart=suricata --af-packet -vvv -D -c /etc/suricata/suricata.yaml --pidfile /var/run/"
  echo "ExecStartPre=rm -f /var/run/"
  echo "ExecStop=kill \$MAINPID && rm -f /var/run/"
  echo "ExecReload=kill -9 \$MAINPID"
  echo ""
  echo "[Install]"
  echo ""

Is it correct? How do I verify suricata use tcmalloc when running ?


Welcome to the community!

Try ldd $(which suricata) – you should see tcmalloc in the output.

1 Like