Hi,
After enabling a specific ruleset, my setup is running about >260k rules. When running Suricata, the rules are being loaded fairly quick:
9/1/2023 -- 15:41:01 - <Info> - 39 rule files processed. 265492 rules successfully loaded, 0 rules failed
9/1/2023 -- 15:41:02 - <Info> - Threshold config parsed: 4 rule(s) found
9/1/2023 -- 15:41:41 - <Perf> - using unique mpm ctx' for tcp-packet
9/1/2023 -- 15:41:41 - <Perf> - using unique mpm ctx' for tcp-stream
9/1/2023 -- 15:41:41 - <Perf> - using unique mpm ctx' for udp-packet
9/1/2023 -- 15:41:41 - <Perf> - using unique mpm ctx' for other-ip
9/1/2023 -- 15:41:42 - <Info> - 265498 signatures processed. 15604 are IP-only rules, 3839 are inspecting packet payload, 245985 inspect application layer, 0 are decoder event only
9/1/2023 -- 15:41:42 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
After that, Suricata is stuck in here and does not initiate:
9/1/2023 -- 15:41:43 - <Perf> - TCP toserver: 76 port groups, 69 unique SGH's, 7 copies
9/1/2023 -- 15:41:43 - <Perf> - TCP toclient: 76 port groups, 44 unique SGH's, 32 copies
9/1/2023 -- 15:41:43 - <Perf> - UDP toserver: 76 port groups, 37 unique SGH's, 39 copies
9/1/2023 -- 15:41:43 - <Perf> - UDP toclient: 33 port groups, 18 unique SGH's, 15 copies
9/1/2023 -- 15:41:43 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
9/1/2023 -- 15:41:43 - <Perf> - OTHER toclient: 254 proto groups, 2 unique SGH's, 252 copies
Systemctl output shows that Suricata is running normally. Is this a normal behaviour? How can i solve this problem?
Thanks in advance.