I was expecting for kill -USR2 $(pidof suricata) to make suricata have a temporary memory usage peak because of the duplicated detection engine, and them return back to the original levels after. What I’m experiencing instead is that Suricata goes from a stable ~1.5gb to a stable ~1.9g b after the first rule update, and them every other update keeps it at ~1.9gb. Is this permanent memory increase of ~400mb expected after the first update?
Suricata 7.0.5 self compiled and running inside a container