<div dir="ltr">Here are the answers:<br><br>Will: as you mentioned, AMD has a technology called "Turbo core", but I disabled frequency stepping in BIOS, setting power management to "Maximum Performance". In this mode, all cores run at 2.70Mhz all the time.<br>
<br>Anoop: is there any repo with dev suricata or do I need to compile it?<br><br>Peter: I tried Suricata with no rules for about an hour with no kernel drops (business hours with real traffic)<br><br>Victor: disabled all decode, http and smtp events rules as suggested.<br>
<br>Thanks for your help!<br><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/6/13 Victor Julien <span dir="ltr">&lt;<a href="mailto:lists@inliniac.net" target="_blank">lists@inliniac.net</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 06/12/2013 08:28 PM, Fernando Sclavo wrote:<br>
> - decoder-events.rules # available in suricata sources under rules dir<br>
> - http-events.rules # available in suricata sources under rules dir<br>
> - smtp-events.rules # available in suricata sources under rules dir<br>
<br>
</div>Are you getting a lot of hits on these? They are quite efficient if the<br>
traffic is okay, but if there are a lot of protocol warnings/errors they<br>
can be quite inefficient. Maybe it's worth a shot to disable them for a<br>
few days.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
---------------------------------------------<br>
Victor Julien<br>
<a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>
PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
---------------------------------------------<br>
<br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
</div></div></blockquote></div><br></div>