[Oisf-devel] Performance Boosts

Peter Manev petermanev at gmail.com
Fri Mar 23 08:38:21 UTC 2012


On Fri, Mar 23, 2012 at 8:56 AM, Victor Julien <victor at inliniac.net> wrote:

> On 03/23/2012 05:46 AM, Brant Wells wrote:
> > Hi All,
> >
> > I just wanted to report in...  The latest GIT version that I am running
> > (Suricata 1.3dev (rev 22349f8)) has given me some very notable
> improvements!
> >
> > I almost wondered if Suricata had crashed a few minutes ago, because my
> > web interface to BASE was lighting fast!
> >
> > Anyhow, I did some checking and suricata is now running steady between
> > ~30% and 75% CPU usage... and roughtly 11% of my system memory (Quad
> > core / 4GB box)...  Before it was running at 99% Cpu usage and consuming
> > 60% of the boxes RAM.
>
> That memory things has me somewhat worried. We did do some optimization,
> but nothing should result in a factor 6 reduction I think.
>
> What was the Suricata version you used before this?
>
> > I went to check my stats.log and noticed that it was at the 2gb file
> > limit, lol, so i don't have any hard numbers right now.  I will restart
> > it tomorrow and get some...
> >
> > I am using the suricata.yaml that comes with the source, and have only
> > modified the IP Addresses to match my network, all other settings have
> > been left at default...
>
> We did change the default runmode from auto to autofp, which should
> scale much better:
> http://www.inliniac.net/blog/2012/03/23/suricata-runmode-changes.html
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>





Hi Brant,

how much traffic do you inspect?

thanks



-- 
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20120323/d182e2b7/attachment-0002.html>


More information about the Oisf-devel mailing list