[Oisf-users] not really

Cooper F. Nelson cnelson at ucsd.edu
Mon Mar 24 16:44:09 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To be honest I think that article may be flawed, if you are not
explicitly disabling all offloading on the Intel NIC then suricata is
only processing about 4k of each flow (and not recording dropped
packets).  But without seeing the configuration of the NIC I can't say
for sure.

Anyway, Peter Manev has an updated guide:

> http://pevma.blogspot.se/2013/12/suricata-and-grand-slam-of-open-source.html

I've also had problems in the past with the Intel NIC getting 'borked'
in some way which caused problems.  Usually just reloading the module
fixed this.  In more than one case I did have to reboot, so you might
want to try that as a sanity check.

- -Coop

On 3/24/2014 8:43 AM, Travel Factory S.r.l. wrote:
> On Mon, 24 Mar 2014 08:01:47 -0700
>  "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:
> 
> 
>> Could you try the latest 2.0 release candidate?
> 
> Yes, I will try in next days but the article on the 10gb test is dated
> July 30 2012...
> And they could work at a 9.5gb sustained rate!
> 
> Which is the "magic" that made the system store 100+ tests without
> problems in a 2 hour period and then, after stopping and running
> suricata again in a couple of minutes, starting to fail ?
> 
> Can it be that I don't get all the packets from the lan box?
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/


- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTMGDZAAoJEKIFRYQsa8FW5PAH/iKZiF6duNpgx9qmMa9bzJOo
YUfQQGAG7jQ+RqfcBCNmeb9WUvKinXk1NltqpI7CtxZnV1sQM4154ytON6thL/H0
ZSzliAsG/aW/j6HTNLnSAkMOmN083nyllH5KGb+tytFt2pzbCn4FqJJLoS0MXJGx
bv6LUjnOl9PNEemSMcveCd8hD5F+vlRfPuWwyJz3CO5xiDXMy4AP1WaoIYHm72b4
UXFWkKxIP1i+0Z3E/Mkfpn6JOfHxbZB755fJLMTH1Vj3WudZN36inZbahroLRIPh
bVcR1VECffnN1V0rq3SpBLOT8EdP8eIlTpjr0fib1bPyLFLORnSINKw8VA4A+T4=
=w2nq
-----END PGP SIGNATURE-----



More information about the Oisf-users mailing list