[Oisf-users] Suricata and CPU threads
Peter Bates
peter.bates at ucl.ac.uk
Thu Aug 23 11:53:46 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello all
First of all, congratulations on Suricata 1.3.1!
I've been reading the 'Threading' section of
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml
and would still appreciate a few pointers.
I'm intending to use PF_RING for packet capture and am used to
spawning multiple instances of Snort which are specifically bound to
CPU cores -
and also running 'set_irq_affinity.sh' to tie ixgbe IRQs to specific
cores.
I have 16 cores/32 threads - will the default suricata.yaml work
accordingly if I select --pfring-int=ethX ?
I'm tempted to compare AF_PACKET + PACKET_FANOUT against PF_RING but
I'm not keen on running too many 'experimental' (to quote
suricata.yaml) features.
- --
Peter Bates
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJQNhnKAAoJELhVoVpEMS6RulkIALHEKS7mz8lj4/j4TUDtjiH9
57dwxCOl9rWaapNGRoJ0VFK3UNBbto0C7T5eGgMGRWU79B+TBDFj2Qs4O0Xy5E91
bXB304+D0blhJ9cZ+2pwE43KmQs9rMBiiRS0aAJeMRRcnrK8htQidrxd643OsN+V
DU4PJ3SnlgHn8cx5DAEZCyyZCWn3WacPWmMktQzUEUCA5bQCWNbarUhTPNo+7llV
+GoIglk/5Jn3MgQ1J0oqx2HlprVdviSvkxFNEpF/uUPQKLpZyW0RjsKv2zuiMjtu
UxsqYWHdcnelZ9/8Z8V23CVncczgvqFWxlTegT7RdHOCrnDqG7Uy+n67wLE8sDs=
=rmoA
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list