[Oisf-users] Configuring cpu affinity for suricata 1.4.7
C. L. Martinez
carlopmart at gmail.com
Fri Mar 7 09:19:55 UTC 2014
On Fri, Mar 7, 2014 at 9:10 AM, Eric Leblond <eric at regit.org> wrote:
> Hello,
>
> On Fri, 2014-03-07 at 09:06 +0000, C. L. Martinez wrote:
>> Hi all,
>>
>> I am running two suricata instances in a host with 6 cores.
>
> Why are you running two instances (simple curiosity) ?
On instance monitors traffic for a proxy that comes/go to/from
internet ... And the other instance monitors traffic that go to proxy
from internal networks.
>
>> I would
>> like to configure cpu affinity for both instances to use only 2,3,4,5
>> cores.
>>
>> For suricata01 I have tried the following config:
>>
>> threading:
>> set-cpu-affinity: no
>
> Set previous variable to yes to have the rest used ;)
Sorry, it is a mistake with cut and paste :))... It is enabled
>
>> cpu-affinity:
>> - management-cpu-set:
>> cpu: [ 2 ] # include only these cpus in affinity settings
>> - receive-cpu-set:
>> cpu: [ 2 ] # include only these cpus in affinity settings
>> - decode-cpu-set:
>> cpu: [ 2,3 ]
>> mode: "balanced"
>> - stream-cpu-set:
>> cpu: [ 2,3 ]
>> - detect-cpu-set:
>> cpu: [ 2 ]
>> mode: "exclusive" # run detect threads in these cpus
>
> Here you say that detect which is the most consuming task is only using
> one CPU. I don't think this is really what you want.
>
Uhmm ... Maybe is it more correct to use core 2 to all tasks except
for detect (using core 3 for this)??
More information about the Oisf-users
mailing list