[Oisf-users] running Suricata on cisco ucs

[Risto Vaarandi]

> From: oisf-users-bounces at lists.openinfosecfoundation.org [mailto:oisf-
> users-bounces at lists.openinfosecfoundation.org] On Behalf Of Risto
> Vaarandi
> Sent: Wednesday, October 21, 2015 12:35 PM
> To: oisf-users at lists.openinfosecfoundation.org
> Subject: [Oisf-users] running Suricata on cisco ucs
> 
> Hi all,
> 
> Few days ago, I was offered unused cisco UCS servers for running Suricata.
> Since UCS hardware should accept any recent Linux distribution without
> issues, my plan is to install centos7 on top of an UCS server and use it for
> running Suricata. However, the UCS boxes have vic1340 network adapters,
> and I was wondering how well are they suited for packet capture in 10Gbit/s
> networks. I know that Intel 10Gbit/s network cards that use the 'ixgbe' driver
> are the best option for Suricata, and all my other installations are relying on
> Intel cards.
> 
> Does anyone has any experience with Suricata on UCS platform with vic1340,
> and how well does this combination work? If this is something that is not
> recommended, I'd go with Intel nework card and 'ixgbe'.

...additional question -- if one runs Vmware on top of ucs as people normally do, can Suricata deliver adequate performance if running as a virtual machine? How efficiently is packet capture implemented through virtual network cards and what is the max rate of traffic I could reliably capture? Any experience and results from the field are appreciated :)
Kind regards,
risto

> 
> Kind regards,
> risto
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net