Suricata version 6?

According to the Suricata forum, Suricata 5.0.x is EOL from 1st Aug.

I know that the current testing build (Core 170) has the last supported version (5.0.10) released 12th July.

It may be time to move to Suricata 6.0.x. Upgrade notes can be found here

Do the IPFire devs have a plan for updating?

1 Like

I’m sure they are more than aware.
I’m confident it will be upgraded soon enough.
From the link above:
Anyone’s name sound familiar?

Special Thanks:

Arne Welzel, Eloy Pérez González, Eric Leblond, Michael Tremer, Sascha Steinbiss, Xiaofan Wang.
…and thank YOU, our community, for your ongoing support!

Michael you are a busy man.
Thanks for all you do.

6 Likes

I think they are working on 7.0 which would support JA3 again.

Hi,

FYI:

I had - and have - suricata 6/7 “still on my list”, but:

=> 12548 – Suricata 6.x causes high CPU load in Core Update 153 (testing)

Which leads to:
=> Bug #4379: flow manager: using too much CPU during idle - Suricata - Open Information Security Foundation

That’s the reason we’re still on 5.x. From Core 153 until now I’ve tested several 6.x versions - no change, high load.

As soon as I get hands on a 7.x version, I’ll test again.

Best,
Matthias

8 Likes

FYI,

I tested suricata 6.0.6 today - start time was 7:57:44 am. The utilization rate rose from 1% to as high as 9.3% (idle):

System is: fireinfo.ipfire.org - Profile 5f68a6360ffbecb6877dcac75f5b8c8030f43ce8

They’re still working on it…

Best,
Matthias

EDIT: After going back to suricata 5.0.10, utilization dropped immediately to 0.0%-0.7% (idle).

3 Likes

Latest news:

=> 12548 – Suricata 6.x causes high CPU load in Core Update 153 (testing) (v6.0.8, looking good)

4 Likes

Hi all,

Suricata 6 has landed in upcoming Core Update 171. I currently anticipate to have a testing version of it released by the end of this week.

Please be (mentally) prepared for giving it a try, and report back your findings. This is absolutely essential for us, particularly if you run IPFire on exotic hardware or (more relevant for this thread) in complex network environments.

Thanks, and best regards,
Peter Müller

3 Likes

Starting to see the ~10% spikes of CPU every few seconds.

Given Suricata 5 is now EOL I think security wise, it might be worth the 10% CPU hit (for now). Perhaps Suricata 7 will have different results. Just my opinion though.

Suricata 6 was added 7 days ago.

see:

Please spend a few minutes installing CU 171 test on your test system and give it a try. Feedback is always appreciated!

Just for comparison - CPU Usage per Day on my Duo Box, while watching a YouTube “Let’s play” at 1080p60 (HD) during the last ~15 minutes:

Hi all,

Core Update 171 containing Suricata 6 has been released.

Closing this thread - thank you very much for your contributions!

All the best,
Peter Müller