[Oisf-users] Suricata load/latency spikes

Peter Manev petermanev at gmail.com
Mon Jun 29 16:09:29 UTC 2015



> On 29 jun 2015, at 18:04, Oliver Humpage <oliver at watershed.co.uk> wrote:
> 
> 
>> On 29 Jun 2015, at 16:03, Victor Julien <lists at inliniac.net> wrote:
>> 
>> Enabling packet profiling (configure with --enable-profiling) gives you
>> a breakdown of where suricata spends most time in the packet path,
>> broken down by protocol.
> 
> Ah, good idea. I've set my router to grab a few thousand packets to a pcap file whenever ping latency goes up to over 100ms.
> 
> I guess I should install a profiling-enabled suricata on a different machine to analyse the files, so as not to let profiling affect the performance of the main router?

Highly advisable indeed (at least as a first step) since the profiling affects performance - but not sure if reading a pcap can pinpoint the issue you are experiencing 100%.

> 
> Oliver.