[Oisf-users] High packet loss with no rules
Peter Manev
petermanev at gmail.com
Fri Jan 17 15:36:04 UTC 2014
On Fri, Jan 17, 2014 at 4:29 PM, Will Cladek <will.cladek at nrl.navy.mil> wrote:
> Apologies for the newbie question, but I'm experiencing a huge amount of
> packet loss on my new suricata 1.4.7 installation and can't figure out why
> or what settings I may be missing.
>
> The system has an Intel Xeon X5675 (12 cores counting hyperthreading) with
> 16 GB RAM. I routinely get 30% packet loss when running suricata on about
> 300 Mbps of traffic, even with no rules enabled. (When I just tcpdump to a
> file I see about 1% traffic loss.)
>
> The memory usage also never seem to be terribly high on the system. It'll
> be about 1% with default settings, while setting the stream max-sessions and
> prealloc-sessions to the values below brings it to around 10% without
> helping the packet loss.
>
> Is there something super-obvious I'm missing as to why I'm seeing such
> packet loss?
>
> I've included my .yaml (sans comments) at the bottom along with a sample
> run.
>
> Side question, maybe unrelated: when I set the run mode to "workers" in the
> .yaml or with the --runmode command line option, I still see in the startup
> logging:
>
> AutoFP mode using default "Active Packets" flow load balancer
>
> Does that mean it's still only using autofp, not workers?
>
Hi,
I have two suggestions:
1) Please use http://pastebin.com/ for huge copy/pastes like this :)
2) This - www.pevma.blogspot.com/2013/12/suricata-and-grand-slam-of-open-source.html
- could prove a good starting point.
thanks
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list