[Oisf-users] High CPU usage without any rules

Satish Patel satish.txt at gmail.com
Sat Nov 28 17:01:54 UTC 2015


Following is the htop output (just a single rule loaded) **NOT ALL**

Also, how do I enable 8 threads with runmode workers? My yaml file is the
default file; I didn't do any fine-tuning. Let me know how I can optimize it.

On Sat, Nov 21, 2015 at 8:08 AM, Peter Manev <petermanev at gmail.com> wrote:

> On Fri, Nov 20, 2015 at 7:00 PM, Satish Patel <satish.txt at gmail.com>
> wrote:
> >
> >
> > On Fri, Nov 20, 2015 at 8:39 AM, Andreas Herz <andi at geekosphere.org> wrote:
> >>
> >> On 19/11/15 at 10:51, Satish Patel wrote:
> >> > 19/11/2015 -- 10:50:10 - <Info> - 1 rule files processed. 1 rules
> >> > successfully loaded, 0 rules failed
> >>
> >> What rule are you using? Is the load issue the same even without this
> >> rule?
> >
> >
> >
> > For experiment, I have removed all rules from the .yaml file and load is
> > around 200%; with all rules, load will be 350%
> >
>
> Can you share a screenshot of htop/top ?
>
> > If I test with zero traffic, load is around 1 or 2%. Do you think
> > 100mbps load is high?
> >
>
> Why don't you try af-packet with 8 threads and with runmode workers - any
> diff?
>
> >>
> >>
> >> > 19/11/2015 -- 10:50:10 - <Warning> - [ERRCODE:
> >> > SC_ERR_NOT_SUPPORTED(225)] -
> >> > Eve-log support not compiled in. Reconfigure/recompile with libjansson
> >> > and
> >> > its development files installed to add eve-log support.
> >>
> >> You might wanna exclude eve log from the config, but shouldn't be an
> >> issue with the load
> >>
> >> > 19/11/2015 -- 10:50:10 - <Info> - Large Receive Offload is unset on eth1
> >> > 19/11/2015 -- 10:50:10 - <Warning> - [ERRCODE: SC_ERR_PCAP_CREATE(21)] -
> >> > Using Pcap capture with GRO or LRO activated can lead to capture
> >> > problems.
> >>
> >> Regarding this issue, read:
> >>
> >> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File_Extraction
> >>
> >> Section NIC Offloading
> >
> >
> > Do you think this is related to PF_RING?
> >
> >>
> >>
> >> --
> >> Andreas Herz
> >
> >
> >
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> > List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net
>
>
>
> --
> Regards,
> Peter Manev
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2015-11-28 at 11.53.51 AM.png
Type: image/png
Size: 243738 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20151128/66c80aa9/attachment-0002.png>
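
The setup suggested in the quoted reply (AF_PACKET capture, 8 threads, runmode workers), written out as a suricata.yaml fragment. This is an added example, not part of the original thread and not taken from the poster's configuration; the interface name eth1 comes from the log lines quoted above, and the cluster-id value is an arbitrary assumption.

```yaml
# suricata.yaml fragment (added example; every value except eth1 is an assumption)

# workers: each thread does capture, decode, detection and output itself,
# instead of handing packets between capture and detect threads (autofp).
runmode: workers

af-packet:
  - interface: eth1              # interface named in the log output in this thread
    threads: 8                   # number of worker threads reading from eth1
    cluster-id: 99               # arbitrary id; must be unique per interface on the host
    cluster-type: cluster_flow   # kernel sends all packets of one flow to the same thread
    defrag: yes                  # reassemble IP fragments in the kernel before flow hashing
```

The af-packet section is only used when Suricata is started with `--af-packet` rather than pcap capture. The GRO/LRO warning quoted above is a separate matter, handled by turning those offloads off on the NIC (for example `ethtool -K eth1 gro off lro off`).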

