[Oisf-users] Just what does "capture.kernel_drops" count?
Cooper F. Nelson
cnelson at ucsd.edu
Wed Aug 20 15:41:50 UTC 2014
What are your sysctl settings? We run this for our 10G sensor, ~500K PPS.
> net.core.netdev_max_backlog = 8000000
> net.core.rmem_default = 1073741824
> net.core.rmem_max = 1073741824
On 8/18/2014 6:12 PM, Russell Fulton wrote:
> Hi
>
> I am using pfring and suri together and I am seeing a significant number (~50%) of capture.kernel_drops at peak times.
>
> capture.kernel_packets | RxPFReth31 | 2404928581
> capture.kernel_drops | RxPFReth31 | 1434169109
>
> (stats over 10 minutes)
>
> according to our cpacket switch interface is seeing about 2.5Gbps and 360K pps.
>
> This sensor is also running bro which I may well have to drop.
>
> Russell
--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042