[Oisf-users] Suricata Performance

Frank Knobbe frank at knobbe.us
Tue Jan 19 19:12:10 UTC 2010

On Mon, 2010-01-18 at 21:25 -0500, Brant Wells wrote:
> Hey Frank,
> If you can give me a few details on what you mean?
> My CPU usage details come straight from the output of top.  On an active network throughput of 20-25 mbits on average (this is at my network's edge).

Well, personally, I think average CPU utilization isn't really all that
important (although here it shows that more than CPU is processing). I
think packet loss due to processing (especially hard-to-capture CPU
peaks) is more important. Average CPU utilization can appear to be low
but the IDS can still drop a substantial amount of traffic (because the
capture mechanism is losing packets which never make it to the IDS,
which would spike the CPU if they did).

When I look at IDS performance, I always look at CPU utilization, memory
utilization, and dropped packets at the same time.
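
Added example (not part of the original message): reading CPU, memory and drop counters side by side per polling interval, which shows how a low average CPU can coexist with substantial packet loss. The `Sample` fields, the 10-second polling interval and all values are constructed assumptions, not output from Suricata or any capture tool.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: int         # seconds since monitoring started
    cpu: float     # IDS process CPU utilization, percent
    mem: float     # IDS process memory utilization, percent
    received: int  # cumulative packets delivered to the IDS
    dropped: int   # cumulative packets dropped by the capture layer

# Constructed samples, polled every 10 seconds (hypothetical values).
SAMPLES = [
    Sample(0, 12.0, 30.0, 0, 0),
    Sample(10, 14.0, 30.5, 50_000, 0),
    Sample(20, 11.0, 31.0, 100_000, 0),
    Sample(30, 35.0, 31.0, 130_000, 40_000),  # short burst: drops appear
    Sample(40, 13.0, 31.5, 180_000, 40_000),
    Sample(50, 12.0, 31.5, 230_000, 40_000),
]

def intervals(samples):
    """Turn cumulative counters into per-interval rows."""
    rows = []
    for prev, cur in zip(samples, samples[1:]):
        d_rx = cur.received - prev.received
        d_drop = cur.dropped - prev.dropped
        if d_rx < 0 or d_drop < 0:
            continue  # counters went backwards (restart): skip this interval
        seen = d_rx + d_drop
        pct = 100.0 * d_drop / seen if seen else 0.0
        rows.append({"t": cur.t, "cpu": cur.cpu, "mem": cur.mem,
                     "rx": d_rx, "drop": d_drop, "drop_pct": round(pct, 1)})
    return rows

def summarize(samples, drop_threshold=1.0):
    """Report average CPU next to overall loss and the intervals that dropped."""
    rows = intervals(samples)
    if not rows:
        return None
    rx = sum(r["rx"] for r in rows)
    drop = sum(r["drop"] for r in rows)
    return {
        "avg_cpu": sum(r["cpu"] for r in rows) / len(rows),
        "peak_mem": max(r["mem"] for r in rows),
        "overall_drop_pct": round(100.0 * drop / (rx + drop), 1) if rx + drop else 0.0,
        "flagged": [r["t"] for r in rows if r["drop_pct"] >= drop_threshold],
    }

if __name__ == "__main__":
    print(summarize(SAMPLES))
```
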

