[Oisf-users] where are my missing packets ?
mc8647
mc8647 at mclink.it
Thu Feb 23 00:15:15 UTC 2012
Thanks for reply.
The server is a HP DL360G7, it has 4 onboard lan ports...
We are testing a proprietary IDS with another mirror port on a twin
server (they are identically configured hardware).
This proprietary IDS runs inside an esx4 VM with 8 CPUs and it has no
missing packets!
So with less CPUs, less ram, and with esx overhead it is able to not
lose packets. I think it is Linux based with a highly personalized setup,
for example it supports just 3 hardware servers and esx VMs.
"If I stop suricata with ctrl-c I get a message stating about 25%
packets missed." should have been
If I stop suricata with ctrl-c I get a message stating that from 3 to about 25% packets were missed depending on the run.
Francesco