[Oisf-users] Suricata 2.1beta3 vs 2.0.7

Yasha Zislin coolyasha at hotmail.com
Thu Apr 30 15:13:27 UTC 2015


I am inspecting two span ports. Each has about 15 million packets per minute, mostly HTTP. Bandwidth is about 2 Gbps on each.
I've noticed one new message on startup with the beta version:
VLAN disabled, setting cluster type to CLUSTER_FLOW_5_TUPLE
Not sure if this has any effect.

Date: Thu, 30 Apr 2015 23:10:09 +0800
Subject: Re: [Oisf-users] Suricata 2.1beta3 vs 2.0.7
From: modversion at gmail.com
To: coolyasha at hotmail.com
CC: oisf-users at lists.openinfosecfoundation.org

It seems that 2.0.7 works better than 2.1beta3. What's the bandwidth you protect with Suricata? 10 Gbps or 20 Gbps?
2015-04-30 23:00 GMT+08:00 Yasha Zislin <coolyasha at hotmail.com>:



I have tweaked my configuration to have Suricata 2.0.7 run with minimal packet loss, less than 0.01%. This setup does use a ton of RAM, 95% of 140GB. As soon as I switch to Suricata 2.1beta3 and run it with the same config, I get 50% packet loss but RAM utilization stays around 50%.
What was changed to have such a big impact?
P.S. I am using PF_RING.
Thanks.

_______________________________________________

Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org

Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/

List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net

 		 	   		  