[Oisf-users] [Discussion] Suricata Performance Tuning (kernel_drops very high)

Cooper F. Nelson cnelson at ucsd.edu
Tue Jan 13 18:13:52 UTC 2015


+1 for using the 'workers' runmode and using bpf filters to sample traffic.

Also, run it without any rules or logging enabled until you figure out
where your performance issues are.

-Coop

On 1/13/2015 5:44 AM, Jay M. wrote:
> Also suggest looking into testing a good bpf filter to cull down on
> noisy and irrelevant traffic for that kind of volume.
> 
> Curious which distro / kernel are you using?
> --
> Jay
> jskier at gmail.com
> 
> 


-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
