[Oisf-users] Suricata on 8 cores, ~70K packets/sec
Chris Wakelin
c.d.wakelin at reading.ac.uk
Tue Feb 15 17:24:58 UTC 2011
On 15/02/11 17:12, rmkml wrote:
> Thx for feedback Chris,
> Do you have tested with last suricata v1.1 beta version please? or
> better with last git version?
Yeah, I should have said, they're (almost) the latest git version (rev
cec7ece on the student one, 91213d5, on the campus one). I'll update the
student one to be consistent.
> Only for testing, maybe compile suricata with --enable-profiling option
> please?
I'll have a look at that.
> What is your signatures set? maybe test without signatures set please?
emerging-(current_events|trojan|malware|virus|web_specific_apps).rules
plus a couple of p2p rules and some local rules to match e-mail account
phishing forms.
> can you test with more max-pending-packets like 5000 or more?
I'll try!
> Regards
> Rmkml
>
On 15/02/11 17:09, Eric Leblond wrote:
> You may have a look at this post on my blog:
> http://home.regit.org/?p=438
> A git version of suricata is required for the fine tuning described in
> the page but you can also play with the threads multiplicator. On a eight
> core, you could try something lower like 0.25.
>
> BR,
That looks very interesting! I'll try 0.25. They're two quad-core
processors, without hyperthreading.
Best Wishes,
Chris
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 6AF, UK Fax: +44 (0)118 975 3094
More information about the Oisf-users
mailing list