2025/01/13

Since last night, Suricata's CPU usage has been stuck at 98 or above and will not come down.
Looking at the log, there are large numbers of "truncated" entries:

Jan 13 04:30:33 suricata suricata[77297]: [1:2200003:2] SURICATA IPv4 truncated packet [Classification: Generic Protocol Command Decode] [Priority: 3] [**] [Raw pkt: C0 C5 20 6B A9 DA 00 60 E0 8A 76 E3 08 00 45 00 0A 8C 8F C5 00 0]

Jan 13 10:44:03 suricata suricata[78]: [1:2200013:2] SURICATA IPv6 truncated packet [Classification: Generic Protocol Command Decode] [Priority: 3] [**] [Raw pkt: C0 C5 20 6B A9 DA 00 60 E0 8A 76 E3 86 DD 60 81 56 A3 10 DC 06 3]

For now, pause these two detections in

/etc/suricata/rules/decoder-events.rules

and keep observing.
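Before muting decoder events it helps to know how much of the alert volume each SID actually accounts for. The script below is an added example, not part of the original post: it parses syslog-forwarded fast.log lines of the format shown above, counts alerts per SID, flags the noisy ones, and renders the equivalent `threshold.config` suppress entries (standard Suricata syntax, `suppress gen_id <gid>, sig_id <sid>`) as an alternative to editing `decoder-events.rules` directly. The first two sample lines are copied from the post; the remaining lines and the SID 9000001 alert are constructed for the demo.

```python
"""Count Suricata decoder-event alerts per SID from fast.log-style lines.

Added example, not code from the original post. The regex assumes the
syslog-prefixed fast.log layout shown on the page; sample input is
constructed (first two lines copied from the post, the rest made up).
"""
import re
from collections import Counter

# Matches: "<syslog ts> ... [gid:sid:rev] <msg> [Classification: ...] [Priority: N]"
ALERT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}).*?"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]"
)

# Constructed sample log: two lines from the post, then made-up repeats,
# one made-up unrelated alert (SID 9000001 is a placeholder), and one non-alert line.
SAMPLE_LINES = [
    "Jan 13 04:30:33 suricata suricata[77297]: [1:2200003:2] SURICATA IPv4 truncated packet "
    "[Classification: Generic Protocol Command Decode] [Priority: 3] [**] "
    "[Raw pkt: C0 C5 20 6B A9 DA 00 60 E0 8A 76 E3 08 00 45 00 0A 8C 8F C5 00 0]",
    "Jan 13 10:44:03 suricata suricata[78]: [1:2200013:2] SURICATA IPv6 truncated packet "
    "[Classification: Generic Protocol Command Decode] [Priority: 3] [**] "
    "[Raw pkt: C0 C5 20 6B A9 DA 00 60 E0 8A 76 E3 86 DD 60 81 56 A3 10 DC 06 3]",
    "Jan 13 10:44:03 suricata suricata[78]: [1:2200003:2] SURICATA IPv4 truncated packet "
    "[Classification: Generic Protocol Command Decode] [Priority: 3] [**] [Raw pkt: C0 C5 20 6B]",
    "Jan 13 10:44:04 suricata suricata[78]: [1:2200003:2] SURICATA IPv4 truncated packet "
    "[Classification: Generic Protocol Command Decode] [Priority: 3] [**] [Raw pkt: C0 C5 20 6B]",
    "Jan 13 10:44:04 suricata suricata[78]: [1:9000001:1] CONSTRUCTED sample alert "
    "[Classification: Not Suspicious Traffic] [Priority: 3] [**] [Raw pkt: 00]",
    "Jan 13 10:44:05 suricata suricata[78]: not an alert line at all",
]


def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        fields[key] = int(fields[key])
    return fields


def count_by_sid(lines):
    """Count alerts per SID; also return the last message seen for each SID."""
    counts = Counter()
    messages = {}
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        counts[alert["sid"]] += 1
        messages[alert["sid"]] = alert["msg"]
    return counts, messages


def noisy_sids(lines, min_count=2):
    """SIDs that fired at least min_count times, sorted ascending."""
    counts, _ = count_by_sid(lines)
    return sorted(sid for sid, n in counts.items() if n >= min_count)


def suppress_config(sids, gid=1):
    """Render threshold.config suppress lines for the given SIDs."""
    return "\n".join(f"suppress gen_id {gid}, sig_id {sid}" for sid in sids)


if __name__ == "__main__":
    counts, messages = count_by_sid(SAMPLE_LINES)
    for sid, n in counts.most_common():
        print(f"sid {sid}: {n:4d}  {messages[sid]}")
    print("\n# threshold.config entries for the noisy SIDs:")
    print(suppress_config(noisy_sids(SAMPLE_LINES)))
```

Run it against real output with `python3 count_decoder_events.py < /var/log/messages` after replacing `SAMPLE_LINES` with `sys.stdin`; the suppress entries silence the alert without removing the rule, so the events can be re-enabled later by deleting those lines rather than re-editing the rules file.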
