[Oisf-users] Help with good configuration for Suricata install with Napatech card

Stephen Castellarin castle1126 at yahoo.com
Thu Oct 8 14:05:03 UTC 2015


Hi all,
I'm building a new Suricata instance to replace our old production system (running on old Core 2 Duo processors, 8gb memory, seeing load averages in the 15-18 range).  The new hardware is a server with 2 processors (10 cores per) Intel(R) Xeon(R) CPU E5-2660 v3 @ 2.60GHz with hyperthreading turned off, running 128Gb of memory and a Napatech NT20E2-PTP-CAP.  The OS is Ubuntu 14.04 Server 64 bit and I've just downloaded and compiled 2.0.9 of Suricata.
Using the basic configuration for the default Napatech ntservice.ini and suricata.yaml file, running just over 24,000 ET Pro and custom signatures, the new system is triggering on the same alerts as our current production system - maybe triggering on one or two more alerts here and there.  I know there's more to squeeze out of this configuration, but I'm stuck on how to get to that level.  The reseller we purchased the Napatech card from isn't familiar with incorporating Suricata with the card, so they don't have any examples for me to use.
Any ideas or thoughts on how to get this new environment tuned up would be greatly appreciated!!
Thanks,
Steve