[Oisf-devel] Performance Boosts

Josh White josh at securemind.org
Fri Mar 23 13:07:45 UTC 2012


Victor,

I have a complete system ready to go to re-run all the tests from the
paper. I will gladly do so this weekend if you think that the current GIT
is going to have the best performance enhancements in the short term.

Josh

On Fri, Mar 23, 2012 at 3:56 AM, Victor Julien <victor at inliniac.net> wrote:

> On 03/23/2012 05:46 AM, Brant Wells wrote:
> > Hi All,
> >
> > I just wanted to report in...  The latest GIT version that I am running
> > (Suricata 1.3dev (rev 22349f8)) has given me some very notable
> > improvements!
> >
> > I almost wondered if Suricata had crashed a few minutes ago, because my
> > web interface to BASE was lightning fast!
> >
> > Anyhow, I did some checking and suricata is now running steady between
> > ~30% and 75% CPU usage... and roughly 11% of my system memory (Quad
> > core / 4GB box)...  Before it was running at 99% CPU usage and consuming
> > 60% of the box's RAM.
>
> That memory thing has me somewhat worried. We did do some optimization,
> but nothing should result in a factor 6 reduction I think.
>
> What was the Suricata version you used before this?
>
> > I went to check my stats.log and noticed that it was at the 2gb file
> > limit, lol, so I don't have any hard numbers right now.  I will restart
> > it tomorrow and get some...
> >
> > I am using the suricata.yaml that comes with the source, and have only
> > modified the IP Addresses to match my network, all other settings have
> > been left at default...
>
> We did change the default runmode from auto to autofp, which should
> scale much better:
> http://www.inliniac.net/blog/2012/03/23/suricata-runmode-changes.html
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------