<br><br><div class="gmail_quote">On Thu, Jun 2, 2011 at 11:39 AM, Abhishek Sharma <span dir="ltr"><<a href="mailto:abhisheksharma84@gmail.com">abhisheksharma84@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hi Team,<br><br>Firstly, I am mighty pleased and impressed with this tool!!! way better than snort!!<br><br>What I am trying to achieve here is to parse pcap files at the rate of 500 MB Pcaps / Second. I have pcaps of the size of 1 GB available with me. I have close to 50 rules only. All TCP. Now, if I parse one file with Suricata it takes me approximately 3.5 seconds to do so. I am using a 24 core server with 47 GB RAM. I am running Ubuntu 10 platform. I believe the machine is strong enough.<br>
<br>Now 3.5 secs for 1 GB file is good...no denying. But I have to achieve a speed of 500 Mbps and for that I have to parse a file in under 2 seconds. So what I did was to run two instances of Suricata in parallel (assuming two instances should finish in 3.5 seconds as its a fairly strong machine), but to my surprise (and dismay), it took me 7 seconds to process!!! for 3 instnaces it takes close to 9 secs!! So basically running a instance in parallel just adds up the time. I dont understand this. I have disabled all logging...Tried all search algorithms...played with the multithreading concept but its not helping either....<br>
<br>Please help this is my only hope...any suggestions are most appreciated...<br><br>Cheers!<br>Abhi <br>
<br>_______________________________________________<br>
Oisf-users mailing list<br>
<a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br></blockquote></div><br>Try setting max-pending-packets(in the yaml file) to something like 5k-10k<br clear="all"><br>-- <br>Regards,<br>Anoop Saldanha<br><br>