[Oisf-users] Moving from Suricata 2.0.x to 3.0RC1
Victor Julien
lists at inliniac.net
Tue Dec 1 21:09:41 UTC 2015
On 01-12-15 21:01, Gary Faulkner wrote:
> I'm looking to give Suricata 3.0RC1 a try, but will be moving from
> 2.0.6. I recall when I migrated sensors from 1.4.7 to 2.0.x there were
> some fairly significant changes to the configuration and performance
> characteristics and so I'm wondering if there is anything to be aware of
> when attempting to migrate to 3.0RC1. I'm currently running Suricata
> with PF_RING using DNA IXGBE drivers (Intel 10Gbps NICS), in workers
> mode with ET Pro rules (20K) on RHEL 6.6 and moving to RHEL 6.7. I
> hadn't made the jump to PF_RING ZC yet, but could do so, I just seem to
> remember there being some bugs being worked on previously and stuck with
> DNA. I understand a lot has changed in terms of added features. I'm
> mostly looking to see if I'm likely to need to make significant changes
> to in terms of configuration, need to rethink hardware, PF_RING usage
> etc. An example might be if Suricata needed more memory due to new
> features, code changes, needed some special work-around etc. Looking at
> running 10-20Gbps of traffic through a couple Dell R720s (16/32 2.6Ghz
> cores/threads each and 64G RAM) running about 30 workers each. I have a
> server I can run a copy of some production traffic through for testing.
Not a helpful answer, more a request for help. This link is meant to
explain things, however it still lacks content. I'm hoping that everyone
doing the switch will help fill it.
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_20_to_Suricata_30
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list