[Oisf-users] What does it means??

Peter Manev petermanev at gmail.com
Fri Oct 11 12:18:24 UTC 2013


On Fri, Oct 11, 2013 at 2:10 PM, C. L. Martinez <carlopmart at gmail.com> wrote:
> On Fri, Oct 11, 2013 at 11:53 AM, Peter Manev <petermanev at gmail.com> wrote:
>>>>
>>>
>>> Hi Peter,
>>>
>>>  Yes, I have tried different nics with same result. But I've done
>>> another test. I have reinstalled this host but using FreeBSD 8.4 amd64
>>> and here are the results:
>>>
>>> 11/10/2013 -- 11:27:15 - <Info> - stream.reassembly "toclient-chunk-size": 2560
>>> 11/10/2013 -- 11:27:15 - <Info> - all 2 packet processing threads, 3
>>> management threads initialized, engine started.
>>> 11/10/2013 -- 11:27:15 - <Info> - No packets with invalid checksum,
>>> assuming checksum offloading is NOT used
>>> 11/10/2013 -- 11:27:15 - <Info> - No packets with invalid checksum,
>>> assuming checksum offloading is NOT used
>>> 11/10/2013 -- 11:36:30 - <Info> - Signal Received.  Stopping engine.
>>> 11/10/2013 -- 11:36:30 - <Info> - 0 new flows, 0 established flows
>>> were timed out, 0 flows in closed state
>>> 11/10/2013 -- 11:36:31 - <Info> - time elapsed 555.799s
>>> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem41) Packets 5845957, bytes 2042472103
>>> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem41) Pcap Total:6747655
>>> Recv:6678123 Drop:69532 (1.0%).
>>> 11/10/2013 -- 11:36:31 - <Info> - Stream TCP processed 5632209 TCP packets
>>> 11/10/2013 -- 11:36:31 - <Info> - Fast log output wrote 1878 alerts
>>> 11/10/2013 -- 11:36:31 - <Info> - TLS logger logged 269 requests
>>> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem42) Packets 5834141, bytes 2037711281
>>> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem42) Pcap Total:6747681
>>> Recv:6666460 Drop:81221 (1.2%).
>>>
>>> Best. Same suricata config and sysctl options ...Uhmmm, I think I need
>>> to do more tuning with FreeBSD 9.2 or maybe I need to change suricata
>>> options for FreeBSD 9.2 ...
>>
>> This is interesting ...
>> Let me just confirm, you use:
>>
>> the same suricata version
>> the same suricata config and start up line
>> the same nic interface (drivers and such) and the same traffic
>> but in one case it is a fresh FreeBSD 8.4 install and in the other
>> case it is fresh FreeBSD 9.2 install
>>
>> and you get a big difference in the packets drop, correct?
>>
>
> a/ I have used same suricata version in both FreeBSD hosts
> b/ I have used netmap in both installations (and device polling to
> avoid "interrupts stormings")
> c/ I have used same suricata config file
> d/ I have used same physical nic in both installations.
>
> ... All correct Peter ... Next week, I will move this FreeBSD inside
> KVM host if you need I will do more tests ...

I would like to pinpoint what is causing the difference (if all on
Suricata's side is the same).
There is the cfg2html tool that you could use to get a detailed
inventory on the two machines and compare the reports.

thanks

-- 
Regards,
Peter Manev