[Oisf-users] Help with good configuration for Suricata install with Napatech card
Rob MacGregor
rob.macgregor at gmail.com
Thu Oct 8 19:32:18 UTC 2015
On Thu, Oct 8, 2015 at 3:08 PM Stephen Castellarin <castle1126 at yahoo.com>
wrote:
> Hi all,
>
> I'm building a new Suricata instance to replace our old production system
> (running on old Core 2 Duo processors, 8GB memory, seeing load averages in
> the 15-18 range). The new hardware is a server with 2 processors (10 cores
> per) Intel(R) Xeon(R) CPU E5-2660 v3 @ 2.60GHz with hyperthreading turned
> off, running 128GB of memory and a Napatech NT20E2-PTP-CAP. The OS is
> Ubuntu 14.04 Server 64 bit and I've just downloaded and compiled 2.0.9 of
> Suricata.
>
> Using the basic configuration for the default Napatech ntservice.ini and
> suricata.yaml file, running just over 24,000 ET Pro and custom signatures,
> the new system is triggering on the same alerts as our current production
> system - maybe triggering on one or two more alerts here and there. I know
> there's more to squeeze out of this configuration, but I'm stuck on how to
> get to that level. The reseller we purchased the Napatech card from isn't
> familiar with incorporating Suricata with the card, so they don't have any
> examples for me to use.
>
> Any ideas or thoughts on how to get this new environment tuned up would be
> greatly appreciated!
>
What run mode are you using for Suricata? What does your ntservice.ini look
like? What level of packet loss were you seeing before vs now?
--
Rob MacGregor