diff --git a/src/detection/swap/swap_bsd.c b/src/detection/swap/swap_bsd.c
index 82ec66779..6fa8fb3ea 100644
--- a/src/detection/swap/swap_bsd.c
+++ b/src/detection/swap/swap_bsd.c
@@ -1,9 +1,32 @@
 #include "swap.h"
 #include "common/sysctl.h"
 
+#include <vm/vm_param.h>
+
 const char* ffDetectSwap(FFSwapResult* swap)
 {
-    swap->bytesTotal = (uint64_t)ffSysctlGetInt64("vm.swap_total", 0);
-    swap->bytesUsed = (uint64_t)ffSysctlGetInt64("vm.swap_reserved", 0);
+    int mib[16];
+    size_t mibsize = sizeof(mib) / sizeof(*mib);
+    if (sysctlnametomib("vm.swap_info", mib, &mibsize) < 0)
+        return "sysctlnametomib(\"vm.swap_info\") failed";
+
+    swap->bytesUsed = swap->bytesTotal = 0;
+
+    for (int n = 0; ; ++n)
+    {
+        mib[mibsize] = n;
+        struct xswdev xsw;
+        size_t size = sizeof(xsw);
+        if (sysctl(mib, (uint32_t) (mibsize + 1), &xsw, &size, NULL, 0) < 0)
+            break;
+        if (xsw.xsw_version != XSWDEV_VERSION)
+            return "xswdev version mismatch";
+        swap->bytesUsed += (uint64_t) xsw.xsw_used;
+        swap->bytesTotal += (uint64_t) xsw.xsw_nblks;
+    }
+
+    swap->bytesUsed *= instance.state.platform.pageSize;
+    swap->bytesTotal *= instance.state.platform.pageSize;
+
     return NULL;
 }