<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Menlo;

        panose-1:0 0 0 0 0 0 0 0 0 0;}

@font-face

        {font-family:Verdana;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

pre

        {mso-style-priority:99;

        mso-style-link:"HTML Preformatted Char";

        margin:0in;

        margin-bottom:.0001pt;

        font-size:10.0pt;

        font-family:"Courier New";}

p.msonormal0, li.msonormal0, div.msonormal0

        {mso-style-name:msonormal;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

p.gmail-m7964226538806684005gmail-p1, li.gmail-m7964226538806684005gmail-p1, div.gmail-m7964226538806684005gmail-p1

        {mso-style-name:gmail-m_7964226538806684005gmail-p1;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

span.gmail-m7964226538806684005gmail-s1

        {mso-style-name:gmail-m_7964226538806684005gmail-s1;}

span.gmail-m7964226538806684005gmail-apple-converted-space

        {mso-style-name:gmail-m_7964226538806684005gmail-apple-converted-space;}

p.gmail-m7964226538806684005gmail-p2, li.gmail-m7964226538806684005gmail-p2, div.gmail-m7964226538806684005gmail-p2

        {mso-style-name:gmail-m_7964226538806684005gmail-p2;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

span.EmailStyle23

        {mso-style-type:personal-reply;

        font-family:"Calibri",sans-serif;

        color:#1F497D;}

span.HTMLPreformattedChar

        {mso-style-name:"HTML Preformatted Char";

        mso-style-priority:99;

        mso-style-link:"HTML Preformatted";

        font-family:"Courier New";}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi Fatema,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">That’s interesting because the way I read it from this article<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Myricom">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Myricom</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">You could set them on the command line like this…<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">SNF_NUM_RINGS=16 SNF_DATARING_SIZE=17179869184 SNF_DESCRING_SIZE=4294967296 SNF_FLAGS=0x1 suricata -c suricata.yaml -i eth5 --runmode=workers<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I only use Myricom cards on my Zeek servers so I haven’t tested it and it has no such restrictions.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Good luck,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Craig<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> fatema bannatwala <fatema.bannatwala@gmail.com>

<br>

<b>Sent:</b> Friday, June 19, 2020 1:16 PM<br>

<b>To:</b> Edgmand, Craig <craig.edgmand@okstate.edu><br>

<b>Cc:</b> Open Information Security Foundation <oisf-users@lists.openinfosecfoundation.org><br>

<b>Subject:</b> Re: [Oisf-users] Capture loss ~50% reported using Myricom with Suri v 5.0.2<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

<div style="border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt;max-width:90%">

<p class="MsoNormal" align="center" style="text-align:center;background:#F5D07A">

<strong><span style="color:#7F1606">CAUTION:</span></strong><span style="color:black"> This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe

<o:p></o:p></span></p>

</div>

<div>

<div>

<p class="MsoNormal">Thanks Craig, I tried increasing SNF_DATARING_SIZE, but that variable gets overwritten and controlled by pcap.buffer-size in suricata.yml file which allows a max of 2gb, can't set more than that.

<o:p></o:p></p>

<div>

<p class="MsoNormal">Hence setting SNF_DATARING_SIZE explicitly has no effect since. <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

<div>

<p class="MsoNormal">This has been done:<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Verdana",sans-serif;color:#333333">The following pull request opened by Myricom in the libpcap project indicates that a future SNF software release could provide support for setting the SNF_DATARING_SIZE

 via the pcap.buffer-size yaml setting:</span><o:p></o:p></p>

</div>

<div>

<p class="MsoNormal">Ref: <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fthe-tcpdump-group%2Flibpcap%2Fpull%2F435&data=02%7C01%7Ccraig.edgmand%40okstate.edu%7Cd4444c14ab184963043408d8147cf441%7C2a69c91de8494e34a230cdf8b27e1964%7C0%7C0%7C637281874192318869&sdata=jhJDwiTawSglR4%2FOm33%2F685%2B2oXHYSnzu0ysXIj0%2BaE%3D&reserved=0"><span style="font-size:9.0pt;font-family:"Verdana",sans-serif;color:#C61A1A">https://github.com/the-tcpdump-group/libpcap/pull/435</span></a><o:p></o:p></p>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

</div>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<div>

<p class="MsoNormal">On Fri, Jun 19, 2020 at 11:09 AM Edgmand, Craig <<a href="mailto:craig.edgmand@okstate.edu">craig.edgmand@okstate.edu</a>> wrote:<o:p></o:p></p>

</div>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi Fetema,</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Not an expert, but have you tried increasing these</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">SNF_DATARING_SIZE=4096MB</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">SNF_DESCRING_SIZE=1024MB</span></span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">If you have the memory, I would multiply these by a factor of 4.  On my servers these numbers are huge.

 Might also increase buffer size.</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thanks,</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Craig</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Oisf-users <<a href="mailto:oisf-users-bounces@lists.openinfosecfoundation.org" target="_blank">oisf-users-bounces@lists.openinfosecfoundation.org</a>>

<b>On Behalf Of </b>fatema bannatwala<br>

<b>Sent:</b> Friday, June 19, 2020 12:59 PM<br>

<b>To:</b> Open Information Security Foundation <<a href="mailto:oisf-users@lists.openinfosecfoundation.org" target="_blank">oisf-users@lists.openinfosecfoundation.org</a>><br>

<b>Subject:</b> [Oisf-users] Capture loss ~50% reported using Myricom with Suri v 5.0.2</span><o:p></o:p></p>

</div>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

<div style="border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt;max-width:90%">

<p class="MsoNormal" align="center" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:center;background:#F5D07A">

<strong><span style="color:#7F1606">CAUTION:</span></strong><span style="color:black"> This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe

</span><o:p></o:p></p>

</div>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hello Experts,

<o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Need some help tuning down our prod suricata box running Suricata v 5.0.2 with Myricom NIC: 10G-PCIE-8B-S myri_snf 3.0.20.50894<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">It is consistently reporting ~50% capture loss, calculated based off of the capture.kernel_packets and capture.kernel_dropped values reported in stats.log file.<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I have followed the <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblog.inliniac.net%2F2012%2F07%2F10%2Fsuricata-on-myricom-capture-cards%2F&data=02%7C01%7Ccraig.edgmand%40okstate.edu%7Cd4444c14ab184963043408d8147cf441%7C2a69c91de8494e34a230cdf8b27e1964%7C0%7C0%7C637281874192328864&sdata=5KgANusNnHK7cijv1B0rUDomBZaosOK8AuD9mTfd2Dg%3D&reserved=0" target="_blank">https://blog.inliniac.net/2012/07/10/suricata-on-myricom-capture-cards/</a><o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">guide to pin the cpus to the worker nodes and use pcap.buffer_size to increase the SNF dataring size, but no effect..<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">We have one Myri card connected to p2p1 and two NUMA nodes, each with 8 cores (16 HT):<o:p></o:p></p>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">NUMA node0 CPU(s):     0-7,16-23<br>

NUMA node1 CPU(s):     8-15,24-31 <o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">OS: Centos 7<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Any help in the right direction would be appreciated! :)<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thanks!<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Fatema<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Following is settings from suricata.yml file<o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"># Myricom support</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">pcap:</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> 

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">- interface: p2p1</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">   

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">threads: 14</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">   

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">buffer-size: 2gb</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">   

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">checksum-checks: no</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">pcap-file:</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">  </span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">checksum-checks:

 auto</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<o:p> </o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">threading:</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> 

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">set-cpu-affinity: yes</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> 

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">cpu-affinity:</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">   

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">- management-cpu-set:</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">       

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">cpu: [ "0" ]</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">       

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">mode: "balanced"</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">       

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">prio:</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">         

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">default: "low"</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">   

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">- worker-cpu-set:</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">       

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">cpu: [ "1-7","9-15" ]</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">       

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">mode: "exclusive"</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">       

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">prio:</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">         

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">default: "high"</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<o:p> </o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Following is the currently recorded stats.log:<o:p></o:p></p>

</div>

<div>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">------------------------------------------------------------------------------------</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">Date: 6/19/2020 -- 10:55:36 (uptime: 0d, 04h 04m 10s)</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">------------------------------------------------------------------------------------</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">Counter

</span></span><span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">                                     

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">| TM Name

</span></span><span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">                 

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">| Value</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">------------------------------------------------------------------------------------</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">capture.kernel_packets</span></span><span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> 

                       </span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">| Total

</span></span><span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">                   

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">| 28447139411</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">capture.kernel_drops</span></span><span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> 

                         </span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">| Total

</span></span><span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">                   

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">| 27910518132</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">capture.kernel_ifdrops</span></span><span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> 

                       </span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">| Total

</span></span><span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">                   

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">| 6034</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">decoder.pkts</span></span><span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> 

                                 </span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">| Total

</span></span><span class="gmail-m7964226538806684005gmail-apple-converted-space"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">                   

</span></span><span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">| 536633135</span></span><o:p></o:p></p>

</div>

<div>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> </span><o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">SNF parameters:<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><o:p> </o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> </span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">SNF_APP_ID=32</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">SNF_DATARING_SIZE=4096MB</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">SNF_DESCRING_SIZE=1024MB</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">SNF_NUM_RINGS=14</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">SNF_FLAGS=0x1</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p2" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;min-height:18px">

<span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> </span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">LD_PRELOAD="/opt/snf/lib/libpcap.so.1"</span></span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p2" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;min-height:18px">

<span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C"> </span><o:p></o:p></p>

<p class="gmail-m7964226538806684005gmail-p1" style="margin:0in;margin-bottom:.0001pt;background:#FCF8FF;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">

<span class="gmail-m7964226538806684005gmail-s1"><span style="font-size:11.5pt;font-family:"Menlo",serif;color:#650D6C">OPTIONS="--user suricata --group suricata --pcap"</span></span><o:p></o:p></p>

</div>

</div>

</div>

</div>

</div>

</div>

</blockquote>

</div>

</div>

</div>

</body>

</html>