[Oisf-users] Kernel packets drops in AFpacket AUTO mode

Fernando Sclavo fsclavo at gmail.com
Thu Jun 13 17:36:58 UTC 2013


Here are the answers:

Will: as you mentioned, AMD has a technology called "Turbo core", but I
disabled frequency stepping in BIOS, setting power management to "Maximum
Performance". In this mode, all cores run at 2.70Mhz all the time.

Anoop: is there any repo with dev Suricata, or do I need to compile it?

Peter: I tried Suricata with no rules for about an hour with no kernel
drops (business hour with real traffic)

Victor: disabled all decode, http and smtp events rules as suggested.

Thanks for your help!



2013/6/13 Victor Julien <lists at inliniac.net>

> On 06/12/2013 08:28 PM, Fernando Sclavo wrote:
> >  - decoder-events.rules # available in suricata sources under rules dir
> >  - http-events.rules    # available in suricata sources under rules dir
> >  - smtp-events.rules    # available in suricata sources under rules dir
>
> Are you getting a lot of hits on these? They are quite efficient if the
> traffic is okay, but if there are a lot of protocol warnings/errors they
> can be quite inefficient. Maybe it's worth a shot to disable them for a
> few days.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------