[Oisf-users] Suricata 2.1beta3 vs 2.0.7

Peter Manev petermanev at gmail.com
Fri May 1 10:10:40 UTC 2015 

On Thu, Apr 30, 2015 at 5:13 PM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> I am inspecting two span ports. Each has about 15 million packets per
> minute, mostly HTTP. Bandwidth is about 2 Gbps on each.
>
> I've noticed one new message on startup with beta version.
> VLAN disabled, setting cluster type to CLUSTER_FLOW_5_TUPLE
>
> Not sure if this has any effect.
>
>
> ________________________________
> Date: Thu, 30 Apr 2015 23:10:09 +0800
> Subject: Re: [Oisf-users] Suricata 2.1beta3 vs 2.0.7
> From: modversion at gmail.com
> To: coolyasha at hotmail.com
> CC: oisf-users at lists.openinfosecfoundation.org
>
>
> It seems that 2.0.7 work better than 2.1beta3.
> What's the bandwidth you protect by suricata ? 10Gbps or 20Gbps ?
>
> 2015-04-30 23:00 GMT+08:00 Yasha Zislin <coolyasha at hotmail.com>:
>
> I have tweaked my configuration to have Suricata 2.0.7 run with minimal
> packet loss less than 0.01%. This set up does use a ton of RAM 95% of 140GB.
> As soon as I switch to Suricata 2.1beta3 and run it with the same config, I
> get 50% packet loss but RAM utilization stays around 50%.
>
> What was changed to have such a big impact?

Just to confirm  - you are running the same Suricata config the only
thing you have changed is suricata from 2.0.7 to 2.1beta3, correct?
(nothing else)

>
> P.S. I am using PF_RING.
>
> Thanks.
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net



-- 
Regards,
Peter Manev

More information about the Oisf-users mailing list