[Oisf-users] Kernel packets drops in AFpacket AUTO mode

Anoop Saldanha anoopsaldanha at gmail.com
Thu Jun 13 18:05:43 UTC 2013


On Thu, Jun 13, 2013 at 11:06 PM, Fernando Sclavo <fsclavo at gmail.com> wrote:
> Here are the answers:
>
> Will: as you mentioned, AMD has a technology called "Turbo core", but I
> disabled frequency stepping in BIOS, setting power management to "Maximum
> Performance". In this mode, all cores run at 2.70Mhz all the time.
>
> Anoop: is there any repo with dev suricata or do I need to compile it?

You will have to pull it from the repo -

git clone git://phalanx.openinfosecfoundation.org/oisf.git

run autogen.sh, then the normal ./configure;make;make install.

>
> Peter: I tried Suricata with no rules for about an hour with no kernel drops
> (business hour with real traffic)
>
> Victor: disabled all decode, http and smtp events rules as suggested.
>

Noticed any difference post this?

> Thanks for your help!
>
>
>
> 2013/6/13 Victor Julien <lists at inliniac.net>
>>
>> On 06/12/2013 08:28 PM, Fernando Sclavo wrote:
>> >  - decoder-events.rules # available in suricata sources under rules dir
>> >  - http-events.rules    # available in suricata sources under rules dir
>> >  - smtp-events.rules    # available in suricata sources under rules dir
>>
>> Are you getting a lot of hits on these? They are quite efficient if the
>> traffic is okay, but if there are a lot of protocol warnings/errors they
>> can be quite inefficient. Maybe it's worth a shot to disable them for a
>> few days.
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/



-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------


