[Oisf-users] where are my missing packets ?
Martin Holste
mcholste at gmail.com
Thu Mar 1 15:14:51 UTC 2012
What is the runmode for suricata? I recommend using autofp with PF_RING.
On Thu, Mar 1, 2012 at 8:33 AM, Travel Factory S.r.l. <mc8647 at mclink.it> wrote:
>
> Today I installed PF_RING and noticed strange cpu usage.
> From time to time only ONE cpu goes 100% and the others stay at 0 and
> suricata stops working...
>
> probably it is not correctly setup...
>
> ./pfcount -i eth4
> reports a traffic of about 0,2 gigabit
>
> but suricata doesn't log anything...
>
> suricata is version 1.2.1 and PF_RING is git...
>
> suricata -c /etc/suricata/suricata.yaml --pfring-int=eth4
> --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow
>
> (RxPFR1) Using PF_RING v.5.3.1, interface eth4, single-pfring-thread
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
More information about the Oisf-users
mailing list