[Oisf-devel] suricata testing
rmkml
rmkml at free.fr
Fri May 14 07:13:37 EDT 2010
Hi SDT (Suricata Devel Team),

I'm starting to play with a 16-core server for suricata (v0.9.1pre git12may).
I'm testing with sp*rent test center gig and UDP only, src_port=dst_port=1024, size 1460 (zero filled), at this time in IDS mode.
The system is rhelv5.5i386 without pfring, but in this test it's not a problem for me.
The network card is an internal Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.0.2 (Aug 21, 2009).
1) with all my personal signatures (+old community rules)
-- 7565 signatures processed. 8 are IP-only rules, 6567 are inspecting packet payload, 1490 inspect application layer
result: 1597% cpu (16core), udp frame rate sent by sp*rent 12.668/18.496.000octet/148MBit (15% sending possibility)
suricata stats.log file:
decoder.pkts | Decode1 | 4076896
decoder.pkts_per_sec | Decode1 | 15044.714286
decoder.bytes | Decode1 | 5935960576
decoder.bytes_per_sec | Decode1 | 21905104.000000
decoder.mbit_per_sec | Decode1 | 175.240832
decoder.ipv4 | Decode1 | 4076896
decoder.ethernet | Decode1 | 4076896
decoder.udp | Decode1 | 4076896
decoder.avg_pkt_size | Decode1 | 1456.000000
decoder.max_pkt_size | Decode1 | 1456
(removed all fields containing 0)
top output:
top - 14:42:59 up 1 day, 22:06, 4 users, load average: 16.36, 13.77, 9.79
Tasks: 236 total, 2 running, 234 sleeping, 0 stopped, 0 zombie
Cpu0 : 6.9%us, 13.9%sy, 79.2%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu1 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu2 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu3 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu4 : 99.0%us, 1.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu5 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu6 : 99.0%us, 1.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu7 : 99.0%us, 1.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu8 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu9 : 99.0%us, 1.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu10 : 99.0%us, 1.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu11 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu12 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu13 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu14 :100.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu15 : 95.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 5.0%si, 0.0%st
Mem: 12464792k total, 12057272k used, 407520k free, 170072k buffers
Swap: 10482404k total, 2144k used, 10480260k free, 9272564k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
8059 root 15 0 504m 253m 1348 S 1595.9 2.1 119:10.11 suricata
2) same test without signatures on suricata:
top output:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
10660 root 15 0 280m 31m 1312 S 88.3 0.3 0:30.11 suricata
3) suricata without signatures receiving 1Gbit rate:
top output:
top - 14:55:16 up 1 day, 22:18, 4 users, load average: 4.53, 5.69, 7.99
Tasks: 236 total, 1 running, 235 sleeping, 0 stopped, 0 zombie
Cpu0 : 29.4%us, 60.8%sy, 0.0%ni, 9.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu1 : 1.0%us, 12.9%sy, 0.0%ni, 86.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu2 : 0.0%us, 10.9%sy, 0.0%ni, 89.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu3 : 1.0%us, 14.7%sy, 0.0%ni, 84.3%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu4 : 0.0%us, 12.0%sy, 0.0%ni, 88.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu5 : 1.0%us, 12.0%sy, 0.0%ni, 87.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu6 : 0.0%us, 11.0%sy, 0.0%ni, 89.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu7 : 0.0%us, 13.9%sy, 0.0%ni, 86.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu8 : 0.0%us, 11.9%sy, 0.0%ni, 88.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu9 : 0.0%us, 13.1%sy, 0.0%ni, 86.9%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu10 : 1.0%us, 10.9%sy, 0.0%ni, 88.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu11 : 0.0%us, 13.0%sy, 0.0%ni, 87.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu12 : 0.0%us, 12.0%sy, 0.0%ni, 88.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu13 : 1.0%us, 13.9%sy, 0.0%ni, 85.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu14 : 1.0%us, 13.0%sy, 0.0%ni, 86.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu15 : 0.0%us, 13.1%sy, 0.0%ni, 72.7%id, 0.0%wa, 0.0%hi, 14.1%si, 0.0%st
Mem: 12464792k total, 11836420k used, 628372k free, 170492k buffers
Swap: 10482404k total, 2144k used, 10480260k free, 9273984k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
10660 root 15 0 280m 31m 1312 S 284.3 0.3 10:42.76 suricata
suricata stats.log file:
decoder.pkts | Decode1 | 27887010
decoder.pkts_per_sec | Decode1 | 126469.500000
decoder.bytes | Decode1 | 40603486560
decoder.bytes_per_sec | Decode1 | 184139592.000000
decoder.mbit_per_sec | Decode1 | 1473.116736
decoder.ipv4 | Decode1 | 27887010
decoder.ethernet | Decode1 | 27887010
decoder.udp | Decode1 | 27887010
decoder.avg_pkt_size | Decode1 | 1456.000000
decoder.max_pkt_size | Decode1 | 1456
Regards
Rmkml
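
Added example (not part of the original post and not Suricata code): a Python script that parses the "counter | thread | value" lines quoted above, cross-checks the derived counters against the raw ones, and converts the top %CPU figures from tests 1 and 3 into CPU time per decoded packet. The function names are hypothetical, the 1000 Mbit/s link rate is taken from "1Gbit" in the post, and the per-packet figure is only an estimate because top and stats.log sample over different windows.

```python
import math
import re

# Constructed input: counter lines copied from the post's two stats.log excerpts.
TEST1 = """\
decoder.pkts | Decode1 | 4076896
decoder.pkts_per_sec | Decode1 | 15044.714286
decoder.bytes | Decode1 | 5935960576
decoder.bytes_per_sec | Decode1 | 21905104.000000
decoder.mbit_per_sec | Decode1 | 175.240832
decoder.avg_pkt_size | Decode1 | 1456.000000
"""
TEST3 = """\
decoder.pkts | Decode1 | 27887010
decoder.pkts_per_sec | Decode1 | 126469.500000
decoder.bytes | Decode1 | 40603486560
decoder.bytes_per_sec | Decode1 | 184139592.000000
decoder.mbit_per_sec | Decode1 | 1473.116736
decoder.avg_pkt_size | Decode1 | 1456.000000
"""
# One thread (Decode1) per counter here, so the thread column is matched but not kept.
LINE = re.compile(r"^\s*([\w.]+)\s*\|\s*(\S+)\s*\|\s*([0-9.]+)\s*$")

def parse_stats(text):
    """Parse 'counter | thread | value' lines into {counter: float}; skip other lines."""
    return {m.group(1): float(m.group(3))
            for m in map(LINE.match, text.splitlines()) if m}

def inconsistencies(s):
    """Names of derived counters that disagree with the raw counters."""
    bad = []
    if not math.isclose(s["decoder.bytes_per_sec"] * 8 / 1e6,
                        s["decoder.mbit_per_sec"], rel_tol=1e-6):
        bad.append("decoder.mbit_per_sec")
    if not math.isclose(s["decoder.bytes"] / s["decoder.pkts"],
                        s["decoder.avg_pkt_size"], rel_tol=1e-6):
        bad.append("decoder.avg_pkt_size")
    return bad

def cpu_us_per_packet(top_cpu_percent, s):
    """CPU microseconds per decoded packet (top %CPU: 100 = one full core)."""
    return top_cpu_percent / 100.0 / s["decoder.pkts_per_sec"] * 1e6

def over_link_rate(s, link_mbit):
    """True if the reported rate exceeds the nominal link rate (assumed value)."""
    return s["decoder.mbit_per_sec"] > link_mbit

if __name__ == "__main__":
    for name, text, cpu in (("test 1", TEST1, 1595.9), ("test 3", TEST3, 284.3)):
        s = parse_stats(text)
        print(name, inconsistencies(s), round(cpu_us_per_packet(cpu, s), 1),
              over_link_rate(s, 1000))
```

The %CPU inputs (1595.9 and 284.3) are the suricata process lines from the top output of tests 1 and 3.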