[Oisf-users] Threads not doing any work

Duane Howard duane.security at gmail.com
Wed Oct 14 20:03:59 UTC 2015


> What cluster_type(and Suri version) are you using?

version: 2.0.8 RELEASE
cluster-type: cluster_flow

>
> Is this consistent with Suricata's stats.log?
>

*Yes, last two entries from stats.log:*
capture.kernel_packets    | AFPacketbond01            | 1485572868
*capture.kernel_packets    | AFPacketbond02            | 0*
capture.kernel_packets    | AFPacketbond03            | 1377368199
capture.kernel_packets    | AFPacketbond04            | 1389788072
capture.kernel_packets    | AFPacketbond05            | 1428569217
capture.kernel_packets    | AFPacketbond06            | 1920661530
capture.kernel_packets    | AFPacketbond07            | 1408036528
capture.kernel_packets    | AFPacketbond08            | 1590766009
capture.kernel_packets    | AFPacketbond09            | 1494232281
capture.kernel_packets    | AFPacketbond010           | 1451044916
capture.kernel_packets    | AFPacketbond011           | 3252054939
capture.kernel_packets    | AFPacketbond012           | 3118034998
capture.kernel_packets    | AFPacketbond013           | 1493265432
capture.kernel_packets    | AFPacketbond014           | 1465651530
capture.kernel_packets    | AFPacketbond015           | 1513765413
capture.kernel_packets    | AFPacketbond016           | 1616881473
capture.kernel_packets    | AFPacketbond01            | 1500290226
*capture.kernel_packets    | AFPacketbond02            | 0*
capture.kernel_packets    | AFPacketbond03            | 1390539219
capture.kernel_packets    | AFPacketbond04            | 1402401529
capture.kernel_packets    | AFPacketbond05            | 1441521628
capture.kernel_packets    | AFPacketbond06            | 1934344963
capture.kernel_packets    | AFPacketbond07            | 1420926996
capture.kernel_packets    | AFPacketbond08            | 1604977752
capture.kernel_packets    | AFPacketbond09            | 1525281819
capture.kernel_packets    | AFPacketbond010           | 1464552695
capture.kernel_packets    | AFPacketbond011           | 3269385208
capture.kernel_packets    | AFPacketbond012           | 3131000528
capture.kernel_packets    | AFPacketbond013           | 1506020632
capture.kernel_packets    | AFPacketbond014           | 1477735937
capture.kernel_packets    | AFPacketbond015           | 1528967614
capture.kernel_packets    | AFPacketbond016           | 1629456468


> You can try the latest git and use the rollover option  -
>
> https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L451
> and see if all threads are going to have packets? (you need kernel
> 3.10 and above).
>
Kernel version should be fine, won't have time to test this different mode
in the short term, but cluster flow seems to be working correctly with the
exception of this distinct thread?

> --
> Regards,
> Peter Manev
>
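
Added example, not part of the original thread and not Suricata's own code: a Python check that parses the stats.log layout quoted in this message and flags capture threads whose `capture.kernel_packets` counter is zero or did not advance between the last two dumps. The sample text and function names are constructed for illustration, and treating a repeated thread name as the start of the next dump is an assumption.

```python
import re

# Constructed sample in the three-column stats.log layout quoted above:
# two consecutive dumps, with the mail archive's "*" emphasis left on one line.
SAMPLE = """\
capture.kernel_packets    | AFPacketbond01            | 100
capture.kernel_packets    | AFPacketbond02            | 0
capture.kernel_packets    | AFPacketbond03            | 500
capture.kernel_packets    | AFPacketbond01            | 250
*capture.kernel_packets    | AFPacketbond02            | 0*
capture.kernel_packets    | AFPacketbond03            | 500
"""

# counter | thread name | value, tolerating a leading/trailing "*"
LINE = re.compile(
    r"^\*?\s*(?P<counter>[\w.]+)\s*\|\s*(?P<thread>\S+)\s*\|\s*(?P<value>\d+)\*?\s*$"
)

def snapshots(text, counter="capture.kernel_packets"):
    """Split stats.log text into one {thread: value} dict per dump."""
    dumps, current = [], {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["counter"] != counter:
            continue  # header, separator, or a different counter
        if m["thread"] in current:  # thread seen again: next dump starts
            dumps.append(current)
            current = {}
        current[m["thread"]] = int(m["value"])
    if current:
        dumps.append(current)
    return dumps

def idle_threads(text):
    """Compare the last two dumps; report threads that received no packets."""
    dumps = snapshots(text)
    if len(dumps) < 2:
        raise ValueError("need at least two stats dumps to compare")
    prev, last = dumps[-2], dumps[-1]
    report = {}
    for thread, value in last.items():
        if value == 0:
            report[thread] = "never"    # counter has never moved
        elif value == prev.get(thread):
            report[thread] = "stalled"  # moved earlier, flat since last dump
    return report

if __name__ == "__main__":
    for thread, state in idle_threads(SAMPLE).items():
        print(f"{thread}: {state}")
```
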