[Oisf-users] Suricata Myricom and 10Gbit

Michał Purzyński michalpurzynski1 at gmail.com
Mon Mar 31 23:23:15 UTC 2014


As for the decoder rules - I don't remember disabling them (where can I
read more?).

Suricata says:

31/3/2014 -- 18:29:38 - <Info> - 2441 signatures processed. 133 are IP-only
rules, 611 are inspecting packet payload, 1554 inspect application layer, 0
are decoder event only


On Tue, Apr 1, 2014 at 1:22 AM, Michał Purzyński <michalpurzynski1 at gmail.com> wrote:

> Argh, I've sent replies directly instead of the list, my apologies, Gmail
> web interface isn't my native env.
>
> Anyway.
>
> There are around 4 cores busy most of the time and the rest floating.
> There is nothing sitting at 100% all the time.
>
> I use the ETOpen rule set, testing ETPro is my next step.
>
> Enabled are (only)
>
> ET-emerging-worm
> ET-emerging-snmp
> ET-emerging-attack_response
> ET-emerging-botcc.portgrouped
> ET-emerging-botcc
> ET-emerging-ciarmy
> ET-emerging-current_events
>
> and also ET-emerging-chat without IRC
>
> How much memory do you have in your sensors? SNF_DATARING_SIZE = 32GB
> times 16 is 512GB.
>
> Also, how do you start Suricata - I use the eth4 interface, is there any
> difference with using the snf0?
>
>
> On Mon, Mar 31, 2014 at 4:52 PM, Erich Lerch <erich.lerch at gmail.com> wrote:
>
>> Michał,
>>
>> We have a similar setup, also with the Myricom 10gb interface.
>>
>>
>>


-- 
Michał Purzyński