[Oisf-users] Suricata 1 Thread, Af_packet IPS

Stephen Watson steve at mansfieldweather.com
Sun Nov 10 04:27:19 UTC 2013


I've set up Suricata as an IPS running in af_packet mode. I ran it for a
while on a 2.6 kernel, then decided to move to a 3.8 kernel for multi-thread
testing.

On the 2.6 kernel the Suricata process CPU usage was showing 130% (dual core
CPU) at 20 Mbit throughput, yet on the 3.8 kernel the Suricata thread is
still at 130% at 20 Mbit. The other worker threads have very low loading; it
seems the main Suricata thread is what takes the big hit on the resources.
So I can't see any advantage in running the 3.8 kernel over the 2.6 for a 20
Mbit internet connection at this point.

Regards,

Steve

 
