[Oisf-users] Receive rate dropped
Jose Vila
jovimon at gmail.com
Wed Dec 17 11:47:04 UTC 2014
Hello,
I just updated to Suricata 2.0.3 and PF_RING 6.0.3 from SVN, and this
behaviour still persists.
Can someone help?
Thanks.
On Tue, Dec 16, 2014 at 10:28 AM, Jose Vila <jovimon at gmail.com> wrote:
>
> Hello list,
>
> I'm moving from snort to Suricata, and I'm getting some problems.
>
> Before I had Snort 2.9.3.1 w/PF_RING 5.5.0, and had to pass parameter
> "--daq-var no-kernel-filters=1" to Snort because the packet receive rate
> was slowly decreasing to the point of only 1/10 of the traffic being
> processed by Snort.
>
> Now with Suricata 2.0.3 and PF_RING 5.5.0 i'm seeing the same behaviour
> ...
>
> If I count lines of log written to eve.json as Peter Manev does (see [1]),
> at suricata's start i get 2K-5K logs per second, but after a couple of days
> I only get 5-20 entries per second. Also, drop counters in stats.log turned
> from less than 0.1% to around 10%.
>
> Is there a way to pass this variable (no-kernel-filters) to PF_RING
> through Suricata?
>
> Thanks,
>
> Jose Vila.
>
> [1]
> http://pevma.blogspot.com.es/2014/05/logs-per-second-on-evejson-good-and-bad.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20141217/a2d18648/attachment-0002.html>
More information about the Oisf-users
mailing list