[Oisf-users] (no subject)
Peter Manev
petermanev at gmail.com
Mon Mar 24 16:47:42 UTC 2014
> On 24 mar 2014, at 17:38, Berk Gulenler <gulenler at boun.edu.tr> wrote:
>
> mpm-algo could be your problem. What is the load? Maybe you should enable rule profiling.
You can try mpm-algo "full" instead of auto, but this is not so much for the file extraction problem.
I am really lost - is it a performance issue , is it a file extraction issue , is it "do I see all mirrored packets" issue, something else, all of the above?
>
>> On 2014-03-24 18:07, Travel Factory S.r.l. wrote:
>> On Mon, 24 Mar 2014 06:10:02 -0700
>> "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:
>>> I tried restarting suricata with "buffer-size: 0" as I suggested and can
>>> confirm it doesn't drop packets at startup. I'll see how it performs
>>> under load during the day.
>> no changes after setting this parameter to 0: during startup
>> capture.kernel_drops grows over 30000 and then stops at that value.
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
More information about the Oisf-users
mailing list