[Oisf-users] Suricata and CPU threads

Victor Julien victor at inliniac.net
Fri Aug 24 10:03:41 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eric's post
https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/ also has
some example config on irq affinity and other performance config options.

On 08/23/2012 05:23 PM, Martin Holste wrote:
> You should set the cluster-id for pfring as well as the
> cluster-type: cluster_flow in suricata.yaml.  Also, you should set
> threads: 8 (no more than 8 or you get diminishing returns).  If you
> set the interface, then you can start with --pfring instead of
> --pfring-int= .
> 
> On Thu, Aug 23, 2012 at 6:53 AM, Peter Bates
> <peter.bates at ucl.ac.uk> wrote:
> 
> Hello all
> 
> First of all, congratulations on Suricata 1.3.1!
> 
> I've been reading the 'Threading' section of 
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml
>
>  and would still appreciate a few pointers.
> 
> I'm intending to use PF_RING for packet capture and am used to 
> spawning multiple instances of Snort which are specifically bound
> to CPU cores - and also running 'set_irq_affinity.sh' to tie ixgbe
> IRQs to specific cores.
> 
> I have 16 cores/32 threads - will the default suricata.yaml work 
> accordingly if I select --pfring-int=ethX ?
> 
> I'm tempted to compare AF_PACKET + PACKET_FANOUT against PF_RING
> but I'm not keen on running too many 'experimental' (to quote 
> suricata.yaml) features.
> 
>> 
>> _______________________________________________ Oisf-users
>> mailing list Oisf-users at openinfosecfoundation.org 
>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>> 
_______________________________________________
> Oisf-users mailing list Oisf-users at openinfosecfoundation.org 
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> 
- -- 
- ---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
- ---------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlA3UX0ACgkQiSMBBAuniMdxOwCfUvtvqnpETA1h4cttHSTVvuzN
nyUAn1yZTBN58s0Fqtf5L/AaTT4YPaoL
=ALiW
-----END PGP SIGNATURE-----



More information about the Oisf-users mailing list