Intrusion Prevention RAM usage

Overview

IPS can be an extremely demanding app when it comes to memory. This is why the rule-based signatures can be a blessing and a curse. 

What to look for

A good starting point if you do see your RAM spike is to get rid of some of the blanket default rules:

Not only will this cause a consistently larger use in RAM, it will likely create false positives. 

You can take a look at the RAM usage of Intrusion Prevention on the status page of the Intrusion Prevention app.

If it's too much you may need to back off on the rules. We added some basic defaults that will purely go by the database's (Emerging Threats) recommendation, which will mostly be to log it, and will only be allowed based on your RAM on the system. The important thing to note here is that the RAM value it uses to match on the rule is total memory, not memory available at the time, so you may need to under-compensate which rules you use: