[Oisf-users] What does it means??

Peter Manev petermanev at gmail.com
Fri Oct 11 11:53:16 UTC 2013


>>
>
> Hi Peter,
>
>  Yes, I have tried different nics with same result. But I've done
> another test. I have reinstalled this host but using FreeBSD 8.4 amd64
> and here are the results:
>
> 11/10/2013 -- 11:27:15 - <Info> - stream.reassembly "toclient-chunk-size": 2560
> 11/10/2013 -- 11:27:15 - <Info> - all 2 packet processing threads, 3
> management threads initialized, engine started.
> 11/10/2013 -- 11:27:15 - <Info> - No packets with invalid checksum,
> assuming checksum offloading is NOT used
> 11/10/2013 -- 11:27:15 - <Info> - No packets with invalid checksum,
> assuming checksum offloading is NOT used
> 11/10/2013 -- 11:36:30 - <Info> - Signal Received.  Stopping engine.
> 11/10/2013 -- 11:36:30 - <Info> - 0 new flows, 0 established flows
> were timed out, 0 flows in closed state
> 11/10/2013 -- 11:36:31 - <Info> - time elapsed 555.799s
> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem41) Packets 5845957, bytes 2042472103
> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem41) Pcap Total:6747655
> Recv:6678123 Drop:69532 (1.0%).
> 11/10/2013 -- 11:36:31 - <Info> - Stream TCP processed 5632209 TCP packets
> 11/10/2013 -- 11:36:31 - <Info> - Fast log output wrote 1878 alerts
> 11/10/2013 -- 11:36:31 - <Info> - TLS logger logged 269 requests
> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem42) Packets 5834141, bytes 2037711281
> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem42) Pcap Total:6747681
> Recv:6666460 Drop:81221 (1.2%).
>
> Best. Same suricata config and sysctl options ...Uhmmm, I think I need
> to do more tuning with FreeBSD 9.2 or maybe I need to change suricata
> options for FreeBSD 9.2 ...

This is interesting ...
Let me just confirm, you use:

the same suricata version
the same suricata config and start up line
the same nic interface (drivers and such) and the same traffic
but in one case it is a fresh FreeBSD 8.4 install and in the other
case it is fresh FreeBSD 9.2 install

and you get a big difference in the packet drops, correct?

thanks

-- 
Regards,
Peter Manev


