[Oisf-devel] 77b708=WIN?

Martin Holste mcholste at gmail.com
Mon Sep 26 18:16:01 UTC 2011


I continued to have segfaults with recent versions, so I tried today's
HEAD commit of 77b7089f796f3ee5e984b35a780c2f1cf9f85209.  The jury is
still out on segfaults (it's only been running for a little over an
hour), but something amazing has occurred:  For the first time ever,
an IDS has successfully not dropped a single heartbeat during our noon
peak traffic time period!  Granted I'm running our "light" ruleset of
only about 4k rules, but we usually experience packet loss 10-30% with
the same ruleset.  I've never seen a perfect score for over an hour!
So, I'm not sure what you tweaked in the last few days for this
commit, but it has a massive performance improvement when running
with:

max-pending-packets: 5000
runmode: autofp
- sgh-mpm-context: full
mpm-algo: ac
8 PF_RING threads (PF_RING 5.0.1)

For reference, prior Suricatas were dropping about 30%, and 16 Snorts
all load-balanced with PF_RING were in the 10-25% drop range during
peak traffic.  At peak, we see about 3500 HTTP requests/sec.  If you
can't think of any code changes that would've occurred since September
21 that would cause this, then it had to be one of my config tweaks,
so please let me know.

