[Oisf-users] Suricata and CPU threads
Victor Julien
victor at inliniac.net
Fri Aug 24 10:03:41 UTC 2012
Eric's post
https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/ also has
some example config on irq affinity and other performance config options.
On 08/23/2012 05:23 PM, Martin Holste wrote:
> You should set the cluster-id for pfring as well as the
> cluster-type: cluster_flow in suricata.yaml. Also, you should set
> threads: 8 (no more than 8 or you get diminishing returns). If you
> set the interface, then you can start with --pfring instead of
> --pfring-int= .
>
> On Thu, Aug 23, 2012 at 6:53 AM, Peter Bates
> <peter.bates at ucl.ac.uk> wrote:
>
> Hello all
>
> First of all, congratulations on Suricata 1.3.1!
>
> I've been reading the 'Threading' section of
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml
>
> and would still appreciate a few pointers.
>
> I'm intending to use PF_RING for packet capture and am used to
> spawning multiple instances of Snort which are specifically bound
> to CPU cores - and also running 'set_irq_affinity.sh' to tie ixgbe
> IRQs to specific cores.
>
> I have 16 cores/32 threads - will the default suricata.yaml work
> accordingly if I select --pfring-int=ethX ?
>
> I'm tempted to compare AF_PACKET + PACKET_FANOUT against PF_RING
> but I'm not keen on running too many 'experimental' (to quote
> suricata.yaml) features.
>
>>
>> _______________________________________________ Oisf-users
>> mailing list Oisf-users at openinfosecfoundation.org
>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------