<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_1_1444311546408_2726">Hi all,</div><div id="yui_3_16_0_1_1444311546408_2726"><br></div><div id="yui_3_16_0_1_1444311546408_2726" dir="ltr">I'm building a new Suricata instance to replace our old production system (running on old Core 2 Duo processors, 8 GB memory, seeing load averages in the 15-18 range). The new hardware is a server with 2 processors (10 cores each) Intel(R) Xeon(R) CPU E5-2660 v3 @ 2.60GHz with hyperthreading turned off, running 128 GB of memory and a Napatech NT20E2-PTP-CAP. The OS is Ubuntu 14.04 Server 64-bit and I've just downloaded and compiled 2.0.9 of Suricata.</div><div id="yui_3_16_0_1_1444311546408_2726" dir="ltr"><br></div><div id="yui_3_16_0_1_1444311546408_2726" dir="ltr">Using the basic configuration for the default Napatech ntservice.ini and suricata.yaml file, running just over 24,000 ET Pro and custom signatures, the new system is triggering on the same alerts as our current production system - maybe triggering on one or two more alerts here and there. I know there's more to squeeze out of this configuration, but I'm stuck on how to get to that level. The reseller we purchased the Napatech card from isn't familiar with incorporating Suricata with the card, so they don't have any examples for me to use.</div><div id="yui_3_16_0_1_1444311546408_2726" dir="ltr"><br></div><div id="yui_3_16_0_1_1444311546408_2726" dir="ltr">Any ideas or thoughts on how to get this new environment tuned up would be greatly appreciated!!</div><div id="yui_3_16_0_1_1444311546408_2726" dir="ltr"><br>Thanks,</div><div id="yui_3_16_0_1_1444311546408_2726" dir="ltr">Steve</div></div></body></html>