[Oisf-users] dev-detect-grouping-v174, only 2 cores being used?

[Barkley, Joey]

All,


I've done some tweaking to my test instance but can't seem to get it running properly. Here is what I did:


1) Took the dev-detect-grouping-v174 branch and merged master (as of this morning, 2016-02-29) into it.

2) Built Suricata and used my normal config file, but made the required changes in the "detect" section.

    a. I tried the default (profile medium, toclient 3, toserver 25) but then also changed to 30 and 250 just to test. Same results with both.

3) I have 8 threads set, and I have management cpu set to 0,2 and detect cpu set to 4-14 (even number cores).

4) management cpu set is exclusive and high, so is detect cpu set


Suricata starts up very quickly (few seconds) and consumes very little RAM. However, I get cpu 0 with a very small use %, and cpu's 4 & 14 pegged at 100%. kernel_drops are extremely high (compared to my working config).


I know I've got a lot of variables in this setup, but does anyone see anything obviously wrong with how I've set things up? Should I stop separating out the management CPU set and just run them on the CPUs that the detect threads run on?


Thanks,

Joey Barkley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160229/07a9987b/attachment.html>