[Oisf-users] unusual packet loss
Peter Manev
petermanev at gmail.com
Wed Dec 23 21:36:44 UTC 2015
On Wed, Dec 23, 2015 at 3:36 PM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> I am running Suricata 2.1beta4 with PF_RING.
> I have 4 threads (4 logical CPUs) monitoring one interface. After a few
> minutes of running, I get 50% packet loss.
> I have tweaked all of the stream reassembly buffers to avoid packet loss.
> Only one of the threads gets kernel packet drops. I've noticed that one CPU
> is running at 100% and others are almost idle. Looking at stats.log, that
> one thread for some reason is digesting more packets than others.
> Throughput on this sensor is not that big. About 500k packets a minute. I
> use this image on other sensors without issues.
>
> Need help to figure out why only one thread is doing MOST of the work.
Can you share "top -H" screenshot ?
>
> Thank you.
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list