[Oisf-users] (no subject)
Berk Gulenler
gulenler at boun.edu.tr
Mon Mar 24 09:55:40 UTC 2014

What is the value of "max-pending-packets:"?

On 03/24/2014 11:50 AM, Travel Factory S.r.l. wrote:
>
> After several months I'm back to suricata.
> Please help me understand what is going wrong in my setup.
>
> Server with 16 real cores, 32 gb ram.
> 10 gbit lan card: Intel Corporation 82599EB 10-Gigabit SFI/SFP+ Network
> Connection (rev 01)
>
> O.S. is Ubuntu 12.04. Suricata is the last 1.4. ixgbe driver updated to
> 3.18.7. ethtool to 3.13. Every "offloading" stuff set to off except:
> highdma: on [fixed]
> rx-vlan-filter: on [fixed]
> tx-fcoe-segmentation: on [fixed]
> tx-nocache-copy: on
>
> Interrupts are split among cores; irqbalance stopped.
>
> ifconfig reports:
> RX packets:89109893 errors:0 dropped:13188 overruns:0 frame:0
> with the dropped value constant for a few seconds then rising always by
> a multiple of 4 each second.
>
> When tcpstat reports a load of 120mbit/s (or less) I can successfully
> capture all the traffic, above that level I start to have incomplete files.
>
> I'm currently using AF_PACKET, workers runmode, cluster_cpu, with 8 or
> 16 threads (with no visible difference).
>
> I'm trying to check if I'm receiving all the packets from the lan side,
> but the lan people tell me it's everything ok on their side...
>
>
> Where can I look for problems ? I spent several days trying to optimize
> everything I could but with no success so far...
>
> Thanks
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/