Suricata doesn't work using 100,000 rules

I downloaded about 100,000 threat intelligence domains for mining viruses from the internet and used the domains to generate about 100,000 rules with Suricata’s processes running but not actually working and with very low CPU usage.
Is there any solution for this type of problem

Well without more details about your setup, version, config, system used it’s hard to tell.
I can just tell you that over 100k rules is working in deployments.

First of all 6.0.10 is out, so update to the most recent stable please.

But still, how does your configuration file look like, how do you start Suricata, what CPU/Memory do you have, how do the rules look like. Paste stats.log and suricata.log to spot potential issues, metrics for the system load etc.

sorry,I use Suricata 6.0.3 and Centos 7 ,8-core CPU and 16G RAM 。Intel(R) Xeon(R) Bronze 3206R CPU @ 1.90GHz

Thank you very much, I will have a look at the relevant logs in a moment.

Hi,I see suricata.log <Critical> - [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this

This is a rule


Please post your complete report in one post instead of splitting it over multiple ones in the future.

The error message in your quote seems to contain special characters, please avoid this and ideally stick to English ones.

The stats.log is also not complete. The suricata.yaml is also missing. Based on the critical message it might be worth to try hyperscan as mpm-algo.

Thank you very much, I am posting from new

you might consider the use of datasets for such a task as well.

https://suricata.readthedocs.io/en/suricata-6.0.0/rules/datasets.html

Thank you very much. This way is very good