[Oisf-users] Help with good configuration for Suricata install with Napatech card

Rob MacGregor rob.macgregor at gmail.com
Thu Oct 8 19:32:18 UTC 2015

On Thu, Oct 8, 2015 at 3:08 PM Stephen Castellarin <castle1126 at yahoo.com>

> Hi all,
> I'm building a new Suricata instance to replace our old production system
> (running on old Core 2 Duo processors, 8gb memory, seeing load averages in
> the 15-18 range).  The new hardware is a server with 2 processor (10 cores
> per) Intel(R) Xeon(R) CPU E5-2660 v3 @ 2.60GHz with hyperthreading turned
> off, running 128Gb of memory and a Napatech NT20E2-PTP-CAP.  The OS is
> Ubuntu 14.04 Server 64 bit and I've just downloaded and compiled 2.0.9 of
> Suricata.
> Using the basic configuration for the default Napatech ntservice.ini and
> suricata.yaml file, running just over 24,000 ET Pro and custom signatures,
> the new system is triggering on the same alerts as our current production
> system - maybe triggering on one or two more alerts here and there.  I know
> there's more to squeeze out of this configuration, but I'm stuck on how to
> get to that level.  The reseller we purchased the Napatech card isn't
> familiar with incorporating Suricata with the card, so they don't have any
> examples for me to use.
> Any ideas or thoughts on how to get this new environment tuned up would be
> greatly appreciated!

What run mode are you using for Suricata? What does your ntservice.ini look
like? What level of packet loss were you seeing before vs now?

 Rob MacGregor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20151008/56935a17/attachment-0002.html>

More information about the Oisf-users mailing list