Suricata burning CPU

Hi all

Interesting, sitting with a fanless server with :slight_smile:
Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Current: 1826 MHz, Max: 1827 MHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: No
QAT Crypto: No
With 8GB RAM

With Suricata running I was at 100% CPU utilised and 100% RAM utilised.
Having disabled it, it dropped down to 60-70% on CPU and 60-80% on RAM.
The 100% utilisation actually caused network slowdown.
G

Wow. Just got off a conference/Teams call and CPU dropped down to sub 10%…
Interesting… this is on my current slow 20Mbps VDSL line, actually slightly worried then how it will go with the expected/ordered 200Mbps Fiber.

G

The more rules you have turned on and the more streams it has to inspect (not based on speed) the more power it takes to run Suricata.

Thinking I’m going to cut one of my VLANs out, the IoT VLAN that is currently only able to talk to one server on a defined port; otherwise it is only allowed NTP and DNS out through the WAN.

Will have to look at the rules… my big thing atm is trying to see if anything malicious was left on my system, as I’m thinking I might have had a hacker on my network.

Running pfBlockerNG also, so might disable Suricata on the WAN interface (having pfBlockerNG look after inbound, and have Suricata see what’s flowing inter LAN/LAN and outbound).

G

… can imagine… and ye thinking my little 4 core was over spec’d… well maybe for pfSense on its own, but having added pfBlockerNG and Suricata clearly a bit much for it… can see I’m going to have to upgrade the little box much sooner than I at all intended…
G
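
Following up on the reply above that enabled rules and inspected streams drive Suricata's CPU cost, here is an added example (not posted by anyone in the thread) that takes a census of a rules file: how many rules are enabled, and how they split by protocol and classtype. The sample rules, their sids and the function names are constructed for illustration; feed `parse_rules` the text of your own rules file instead.

```python
import re
from collections import Counter

# Constructed sample rules (not from the thread). A leading '#' before the
# action keyword marks a rule that is present in the file but disabled.
SAMPLE_RULES = """\
# constructed sample ruleset
alert dns $HOME_NET any -> any any (msg:"SAMPLE dns lookup"; dns.query; content:"example.test"; classtype:policy-violation; sid:1000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE http ua"; http.user_agent; content:"sample-agent"; classtype:trojan-activity; sid:1000002; rev:1;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE ssh probe"; flow:to_server; classtype:attempted-recon; sid:1000003; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"SAMPLE telnet"; flow:to_server; classtype:attempted-recon; sid:1000004; rev:2;)
# alert tls any any -> any any (msg:"SAMPLE tls sni"; tls.sni; content:"example.test"; sid:1000005; rev:1;)
"""

RULE_RE = re.compile(
    r"^(?P<off>#\s*)?(?P<action>alert|drop|pass|reject\w*)\s+(?P<proto>\S+)\s+"
    r".*?\((?P<opts>.*)\)\s*$"
)

def parse_rules(text):
    """Return one dict per rule line, enabled or commented out."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank lines and ordinary comments
        opts = m.group("opts")
        sid = re.search(r"\bsid:\s*(\d+)\s*;", opts)
        ctype = re.search(r"\bclasstype:\s*([^;]+);", opts)
        rules.append({
            "enabled": m.group("off") is None,
            "action": m.group("action"),
            "proto": m.group("proto"),
            "sid": int(sid.group(1)) if sid else None,
            "classtype": ctype.group(1).strip() if ctype else "unclassified",
        })
    return rules

def load_summary(rules):
    """Count what the engine actually has to evaluate: enabled rules only."""
    enabled = [r for r in rules if r["enabled"]]
    return {
        "total": len(rules),
        "enabled": len(enabled),
        "by_proto": Counter(r["proto"] for r in enabled),
        "by_classtype": Counter(r["classtype"] for r in enabled),
        "disabled_sids": [r["sid"] for r in rules if not r["enabled"]],
    }

if __name__ == "__main__":
    print(load_summary(parse_rules(SAMPLE_RULES)))
```

Running the census per interface before and after trimming categories shows how much of the ruleset each interface is actually carrying.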