Hi, Im using suricata 4.1.5 in production since 1 year.
In the last 1-1,5 months Suricata start eating the memory on the host. Its jumping up to 4-500Mb and the host fails with out of memory error.
There is no change in the infrastructure and no change in the application on the host.
And the memory eating is a pretty random.
Any idea where can I start debugging? Any memory limit or optimalization what can I do on suricata process?
We see sometimes corner cases where memory consumption can get out of hand. But for the first steps I would ask for more details about your setup like hardware, OS, configuration, type of traffic, stats.log.
Also try to update to 4.1.8 or even 5.0.3.
You could also run perf top -p $(pidof suricata) and even spot something suspiciousl