[Oisf-users] Suricata at > 2Gb
Eric Leblond
eric at regit.org
Tue Sep 4 09:30:56 UTC 2012
Hello,
Le lundi 03 septembre 2012 à 11:38 +0100, Peter Bates a écrit :
> Hello all
>
> Following pointers to
> https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/
>
> I have my Suricata (1.3.1) configured fairly identically -
> but I've increased 'af-packet: threads' to 32
> as I have 32 CPU threads (2 x 8C CPUs, 64Gb RAM).
>
> I have the ixgbe although I haven't configured it for RSS=8
> or updated the driver to accept FdirPballoc as I've been using the
> PF_RING driver to test.
>
> I'm not running irqbalance as I used the set_irq_affinity script to
> set up irq affinity - but I guess that might be part of my problem?
>
> Running things up I'm still dropping packets (example from stats:
>
> capture.kernel_packets | AFPacketeth13 | 29355232
> capture.kernel_drops | AFPacketeth13 | 183400
> capture.kernel_packets | AFPacketeth113 | 21582588
> capture.kernel_drops | AFPacketeth113 | 70033
I'm currently working on improving some fixes for high performance
AF_PACKET, I will let you know when they are publicly available.
> I also noted that when setting user and group with --user/--group
> there are errors like:
> 3/9/2012 -- 11:37:21 - <Error> - [ERRCODE:
> SC_ERR_THREAD_NICE_PRIO(47)] - Error setting nice value for thread
> AFPacketeth132: Operation not permitted
>
> I'd rather not run as root however.
Can you open a ticket on this last issue ?
BR,
--
Eric Leblond
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120904/12671169/attachment.sig>
More information about the Oisf-users
mailing list