[Oisf-users] High packet loss with no rules
Will Cladek
will.cladek at nrl.navy.mil
Fri Jan 17 16:12:40 UTC 2014
> Hi,
>
> I have two suggestions:
> 1) Please use http://pastebin.com/ for huge copy/pastes like this :)
> 2) This - www.pevma.blogspot.com/2013/12/suricata-and-grand-slam-of-open-source.html
> - could prove a good starting point.
>
>
> thanks
>
Thanks to all for the info. It seems that running in AF_PACKET mode is a good starting point, as using 1 thread seems to have dropped me down to 10% packet loss. However, when trying to increase the threads I get the error:
[ERRCODE: SC_ERR_AFP_CREATE(190)] - Coudn't set fanout mode, error Protocol not available
I see that kernel 3.2 is the minimum recommended in your tutorial, so I'm guessing my Red Hat 6 box with kernel 2.6.32 is gonna be a non-starter?
More information about the Oisf-users
mailing list