[Oisf-users] (no subject)

[Cooper F. Nelson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That's not right at all.  What kernel revision are you running?  I know
to get the RSS+AF_PACKET+mmap mode working well you need a fairly recent
kernel.

- -Coop

On 3/24/2014 9:07 AM, Travel Factory S.r.l. wrote:
> On Mon, 24 Mar 2014 06:10:02 -0700
>  "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:
> 
>>
>> I tried restarting suricata with "buffer-size: 0" as I suggested and can
>> confirm it doesn't drop packets at startup.  I'll see how it performs
>> under load during the day.
> 
> 
> no changes after setting this parameter to 0: during startup
> capture.kernel_drops grows over 30000 and then stops at that value.


- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTMGL0AAoJEKIFRYQsa8FWR3MIAJvcmF8UgYS7gPoI75djleW3
CIZP2sRDI1B8n1VPzAHvL0yBKfLUvTmRYAdtEBgkmfl+R38hnc1vkvt1zO/lq7Gt
umvG/XCFNpy+NtoYXp84MDHEt47LLcAWEy+4IQXObiQRsIFA9zeuosw7wB5RdnmH
4waT3/nxlm07yk8HNh2d7MnoIkzc67NZpdPFVKVWfLzWH3t1UF9s8xdCtSpik9/P
szQm30VcfaP3Sx5frafFH9uPZSyfIknrnxSlkTJTwU7yVdbU1ai/LvNGTBh1Hm40
/Awvapr/l2K35rHmktyQrnJt8H/41wGCIY0SRxF57tJgjeOwU3argL0rtWWKvyc=
=nK88
-----END PGP SIGNATURE-----