<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><br></div><div><br>On 17 Jan 2017, at 01:49, Maxim <<a href="mailto:hittlle@163.com">hittlle@163.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div id="isForwardContent"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hi all, </div><div>I got some information from this post: <a href="https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/." _src="https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/.">https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/.</a> And I am trying to configure a 10G Suricata in my LAN to identify possible internal bad behaviors. <span style="line-height: 1.7;">I followed the instructions there, but I can only get less than 2G per second. Could you please give me some guidance on my configurations? Followings are my hardware information, suricata version, suricata configuration and CPU affinity settings.</span></div><div><br></div><div> Hardware information:</div><div> CPU: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz. 12 physical cores, 24 logical cores</div><div> Memory: 32G </div><div> NIC: Intel 82599ES</div><div> NIC driver: latest </div><div> I configured 16 queues for my NIC.</div><div> Suricata: version 3.2</div><div> Suricata configuration file: please see attached</div><div>I ran suricata using: </div><div> /opt/suricata/bin/suricata -c /opt/suricata/etc/suricata.yaml --af-packet eth4</div><div>eth4 is my Intel NIC name, I only got nearly 3.5G per second. Most of the packets were discarded, all my CPUs are fully used. Could you please give me some hints on this? Many thanks.</div><div><br></div></div></div></div></div></blockquote><div><br></div><div>A detailed guideline you can try -</div><div><br></div><div><a href="https://github.com/pevma/SEPTun">https://github.com/pevma/SEPTun</a></div><div><br></div><div>Thanks </div><br><blockquote type="cite"><div><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div id="isForwardContent"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hittlle</div><div> </div><div><span style="line-height: 1.7;"><br></span></div></div><br><br><span title="neteasefooter"><p> </p></span></div></div><br><br><span title="neteasefooter"><p> </p></span></div></blockquote><blockquote type="cite"><div><suricata.yaml></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a></span><br><span>Site: <a href="http://suricata-ids.org">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/">http://suricata-ids.org/support/</a></span><br><span>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a></span><br></div></blockquote></body></html>