[Oisf-users] (no subject)

Cooper F. Nelson cnelson at ucsd.edu
Mon Mar 24 12:02:44 UTC 2014



This is a known issue with this configuration, see:

> https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/

> In most runs, we’ve observed some packet loss between capture start
> and the first time Suricata grabs the statistics. It seems the
> initialization phase is not fast enough.

It's probably a race condition in the kernel when allocating socket
buffers.  If I remember correctly, setting "buffer-size:" under the
af-packet config to "0" fixes this (but may cause other issues).

-Coop

On 3/24/2014 4:23 AM, Travel Factory S.r.l. wrote:
> 
>> You can check stats.log for more clues.
>> 
> 
> 
> I post the stats for one core and for flow. Please note that 
> capture.kernel_drops increases during suricata startup and then 
> increases no more. I see nothing strange in it but I'm not an
> expert...
> 
> 
> capture.kernel_packets    | AFPacketeth78             | 39271544 
> capture.kernel_drops      | AFPacketeth78             | 47434



-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
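
Added example (not part of the original message and not Suricata's own code): a short Python script that reads stats.log snapshots and reports whether capture.kernel_drops for one capture thread stopped growing after startup, which is the pattern described in this thread. The sample log is constructed, and the function names and the 60-second startup window are assumptions.

```python
import re

# Constructed sample in stats.log layout (values invented; only the last
# snapshot reuses the kernel_packets/kernel_drops figures quoted in the thread).
SAMPLE = """\
Date: 3/24/2014 -- 11:00:08 (uptime: 0d, 00h 00m 08s)
capture.kernel_packets    | AFPacketeth78             | 120000
capture.kernel_drops      | AFPacketeth78             | 31000
Date: 3/24/2014 -- 11:00:16 (uptime: 0d, 00h 00m 16s)
capture.kernel_packets    | AFPacketeth78             | 410000
capture.kernel_drops      | AFPacketeth78             | 47434
Date: 3/24/2014 -- 11:00:24 (uptime: 0d, 00h 00m 24s)
capture.kernel_packets    | AFPacketeth78             | 700000
capture.kernel_drops      | AFPacketeth78             | 47434
Date: 3/24/2014 -- 11:20:00 (uptime: 0d, 00h 20m 00s)
capture.kernel_packets    | AFPacketeth78             | 39271544
capture.kernel_drops      | AFPacketeth78             | 47434
"""

UPTIME = re.compile(r"uptime: (\d+)d, (\d+)h (\d+)m (\d+)s")
COUNTER = re.compile(r"^(capture\.kernel_(?:packets|drops))\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")

def drop_timeline(text, thread):
    """Return [(uptime_s, kernel_packets, kernel_drops)] for one capture thread."""
    rows, uptime, cur = [], None, {}
    for line in text.splitlines():
        m = UPTIME.search(line)
        if m:  # a Date/uptime line starts a new snapshot
            d, h, mi, s = map(int, m.groups())
            uptime, cur = d * 86400 + h * 3600 + mi * 60 + s, {}
            continue
        m = COUNTER.match(line)
        if m and m.group(2) == thread and uptime is not None:
            cur[m.group(1)] = int(m.group(3))
            if len(cur) == 2:  # both counters seen for this snapshot
                rows.append((uptime, cur["capture.kernel_packets"], cur["capture.kernel_drops"]))
    return rows

def classify(rows, startup_s=60):
    """'none', 'startup-only' or 'ongoing', based on when the drop counter last grew."""
    if not rows or rows[-1][2] == 0:
        return "none"
    last_growth = rows[0][0]  # drops already present in the first snapshot
    for prev, cur in zip(rows, rows[1:]):
        if cur[2] > prev[2]:
            last_growth = cur[0]
    return "startup-only" if last_growth <= startup_s else "ongoing"
```

An "ongoing" result means the drops are not just the initialization loss discussed above and the capture settings need a closer look.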


