[Oisf-devel] Performance Boosts

Peter Manev petermanev at gmail.com
Fri Mar 23 16:00:20 UTC 2012 

On Fri, Mar 23, 2012 at 2:07 PM, Josh White <josh at securemind.org> wrote:

> Victor,
>
> I have a complete system ready to go to re-run all the tests from the
> paper.

Josh, what does "test from the paper" mean - which paper?



> I will gladly do so this weekend if you think that the current GIT is
> going to have the best performance enhancements in the short term.
>
> Josh
>
>  On Fri, Mar 23, 2012 at 3:56 AM, Victor Julien <victor at inliniac.net>wrote:
>
>> On 03/23/2012 05:46 AM, Brant Wells wrote:
>> > Hi All,
>> >
>> > I just wanted to report in...  The latest GIT version that I am running
>> > (Suricata 1.3dev (rev 22349f8)) has given me some very notable
>> improvements!
>> >
>> > I almost wondered if Suricata had crashed a few minutes ago, because my
>> > web interface to BASE was lighting fast!
>> >
>> > Anyhow, I did some checking and suricata is now running steady between
>> > ~30% and 75% CPU usage... and roughtly 11% of my system memory (Quad
>> > core / 4GB box)...  Before it was running at 99% Cpu usage and consuming
>> > 60% of the boxes RAM.
>>
>> That memory things has me somewhat worried. We did do some optimization,
>> but nothing should result in a factor 6 reduction I think.
>>
>> What was the Suricata version you used before this?
>>
>> > I went to check my stats.log and noticed that it was at the 2gb file
>> > limit, lol, so i don't have any hard numbers right now.  I will restart
>> > it tomorrow and get some...
>> >
>> > I am using the suricata.yaml that comes with the source, and have only
>> > modified the IP Addresses to match my network, all other settings have
>> > been left at default...
>>
>> We did change the default runmode from auto to autofp, which should
>> scale much better:
>> http://www.inliniac.net/blog/2012/03/23/suricata-runmode-changes.html
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>> _______________________________________________
>> Oisf-devel mailing list
>> Oisf-devel at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>>
>>
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>



-- 
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20120323/a986a386/attachment-0002.html>

More information about the Oisf-devel mailing list