[Oisf-users] Help with good configuration for Suricata install with Napatech card
Rob MacGregor
rob.macgregor at gmail.com
Fri Oct 9 09:14:10 UTC 2015
On Thu, Oct 8, 2015 at 10:50 PM Stephen Castellarin <castle1126 at yahoo.com>
wrote:
> Hey Rob,
>
Don't forget to include the list ;)
> Right now Suricata is configured for autofp. The ntservice.ini is the
> default that came out of the driver install. As for packet loss I know
> previously that with a 1Gb ethernet card I know that our tap infrastructure
> kept alerting that we were over-subscribing on the amount of traffic
> hitting the Suricata port. It's hard to quantify what the packet loss on
> the current production system is - every time I run an ifconfig on that
> interface the dropped count continues to rise at a good clip. Running
> "monitoring" on the new server shows 0 fragments, collisions, drop events
> or crc/align errors.
>
Hmmm, my Napatech install doesn't show up as an interface, so I can't
cross-check that. However, if the monitoring tool isn't reporting packet
loss, that's a good sign.
So, what do you expect/want to get "tuned up"?
Also, are you really sure those 24K rules are relevant? That's quite a
large ruleset...
--
Rob