[Oisf-users] FW: Performance of pcap-log output

Peter Manev petermanev at gmail.com
Tue Oct 23 19:27:37 UTC 2012


Hi,

The speeds that you are achieving are very low, almost impossible :).
Please have a look here (although it uses advanced techniques for your
network card drivers and such, it will be helpful to set up your
suricata.yaml):
https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/

What speeds are you looking at .. on your network interface?
Which version of Suricata are you using?

I am not sure about pcap-log throughput, but I am assuming it will be
hugely dependent on your HDD speed as well.

thanks

On Tue, Oct 23, 2012 at 8:36 PM, Jake Gionet <gionet.jake at gmail.com> wrote:

> Sorry, forgot to include version information
>
> OS: Ubuntu 12.04.1
> Suricata: 1.4beta2
>
>
> > Hello all,
> >
> > I was hoping to get an idea of the performance limits of Suricata's
> > pcap-log output format.
> >
> > I would really like to configure Suricata for both signature detection
> > and packet capturing.  However, from the testing I've been able to do it
> > appears to drop a significant amount of packets (more than it actually
> > captured) at relatively low network speeds.  The traffic I'm currently
> > testing with averages around 85 Mb/s and Suricata hasn't been able to keep
> > up.  Even during timeframes of ~35 Mb/s it is not capturing most packets.
> > It is bursty, but tcpdump has had no issue keeping up with the traffic.
> >
> > Has anybody been able to use Suricata as a packet capturing application
> > at speeds greater than 100 Mb/s?
> > Are there any configurations that would potentially improve performance
> > of pcap-log output?
> > What kind of speeds should I expect the pcap-log output to be able to
> > keep up with?
> >
> >
> > Thanks,
> > Jake



-- 
Regards,
Peter Manev