[Oisf-users] High packet loss with no rules

Duarte Silva duarte.silva at serializing.me
Fri Jan 17 16:36:08 UTC 2014


On Friday 17 January 2014 11:12:40 Will Cladek wrote:
> > Hi,
> > 
> > I have two suggestions:
> > 1) Please use http://pastebin.com/ for huge copy/pastes like this :)
> > 2) This -
> > www.pevma.blogspot.com/2013/12/suricata-and-grand-slam-of-open-source.html
> > - could prove a good starting point.
> > 
> > 
> > thanks
> 
> Thanks to all for the info.  It seems that running in AF_PACKET mode is a
> good starting point, as using 1 thread seems to have dropped me down to 10%
> packet loss.  However, when trying to increase the threads I get the error:
> 
> [ERRCODE: SC_ERR_AFP_CREATE(190)] - Coudn't set fanout mode, error Protocol
> not available
> 
> I see that kernel 3.2 is the minimum recommended in your tutorial, so I'm
> guessing my Red Hat 6 box with kernel 2.6.32 is gonna be a non-starter?


For AF_PACKET with RedHat, I had to compile a custom kernel (currently on 
3.10.7.el6). Maybe try with PF_RING first.

Cheers,
Duarte
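
An added example, not part of the original thread: a probe for the failure quoted above. It issues the same `PACKET_FANOUT` socket option that Suricata needs for more than one AF_PACKET thread and reports whether the running kernel accepts it. The function names and the group id 4242 are assumptions made for this sketch; run it as root or with CAP_NET_RAW.

```python
import errno
import os
import socket

# Constants from <linux/socket.h> and <linux/if_packet.h>; Python's socket
# module does not export them.
SOL_PACKET = 263
PACKET_FANOUT = 18          # socket option, present since Linux 3.1
PACKET_FANOUT_HASH = 0      # flow-hash load balancing mode
ETH_P_ALL = 0x0003


def fanout_arg(group_id, mode=PACKET_FANOUT_HASH):
    """Pack the option value: group id in the low 16 bits, mode in the high 16."""
    return (group_id & 0xFFFF) | ((mode & 0xFFFF) << 16)


def classify(err):
    """Map an errno from the probe to a verdict string."""
    if err == 0:
        return "supported"
    if err == errno.ENOPROTOOPT:
        # strerror() renders this as "Protocol not available", the text in
        # the SC_ERR_AFP_CREATE message quoted in the thread.
        return "unsupported-kernel"
    if err in (errno.EPERM, errno.EACCES):
        return "need-privileges"
    if err is None:
        return "error: unknown"
    return "error: " + os.strerror(err)


def probe_fanout(group_id=4242):  # 4242 is an arbitrary, hypothetical group id
    """Open a packet socket and try to join a fanout group, then close it."""
    if not hasattr(socket, "AF_PACKET"):
        return "not-linux"
    try:
        s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    except OSError as e:
        return classify(e.errno)
    try:
        s.setsockopt(SOL_PACKET, PACKET_FANOUT, fanout_arg(group_id))
        return classify(0)
    except OSError as e:
        return classify(e.errno)
    finally:
        s.close()


if __name__ == "__main__":
    print(os.uname().release, "->", probe_fanout())
```

A verdict of `unsupported-kernel` means the kernel itself lacks the option, so no Suricata setting will make multi-threaded AF_PACKET capture work on that host.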


