[Oisf-users] IPS mode performance is very poor, why?
tingwei liu
tingw.liu at gmail.com
Thu Mar 1 09:11:46 UTC 2012
On Wed, Feb 29, 2012 at 6:57 PM, tingwei liu <tingw.liu at gmail.com> wrote:
> I have installed suricata-1.2.1 with enable nfqueue on fedora 15 system.
>
> #>iptables -I FORWARD -j NFQUEUE --queue-num 3
> #>suricata -c /etc/suricata/suricata.yaml -q 3 -D
> Only emergency-ftp.rules loaded.
>
> It works, but performance is very poor.
> I test it by transfer files from ftp server.
> Before running last two commands, the bandwidth is 100Mbps;
> After nfqueue and suricata running, the bandwidth only 1Mbps.
>
>
> Who can tell me which parameters should be changed ?
> Thanks!
I have test some parameters. I find the key is network topology.
If suricata run a linux server with bridge mode, it's performance is poor.
If suricata run a linux server which is a gataway, it's good.
Why?
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120301/5e171b31/attachment-0002.html>
More information about the Oisf-users
mailing list