[Oisf-users] Testers: please test our initial Hyperscan support
Peter Manev
petermanev at gmail.com
Sun Jun 19 07:56:09 UTC 2016
On Fri, Jun 17, 2016 at 11:13 PM, Brandon Lattin <lattin at umn.edu> wrote:
> Initial testing here is showing a significant performance (on the order of
> 1.5-2x) jump using 3.1RC1 w/hyperscan.
That is great to hear :)
>
> I'll get some actual numbers posted within the next two weeks.
If i may I was wondering if it would be possible to compare hyperscan
running with:
detect.sgh-mpm-context = auto
as opposed to
detect.sgh-mpm-context = full
I know it is easier said than done - but if there is a possibility for
some feedback it is greatly appreciated.
>
> On Wed, May 18, 2016 at 3:07 AM, Peter Manev <petermanev at gmail.com> wrote:
>>
>> On Wed, May 18, 2016 at 2:29 AM, Cooper F. Nelson <cnelson at ucsd.edu>
>> wrote:
>> > Setting a stream depth, but no sampling bpf.
>> >
>>
>> Excellent....
>>
>> > On 5/13/2016 11:27 PM, Peter Manev wrote:
>> >> But you still do full tracking right ? (As opposed to using sampling
>> >> bpf)
>> >
>> >
>> > --
>> > Cooper Nelson
>> > Network Security Analyst
>> > UCSD ITS Security Team
>> > cnelson at ucsd.edu x41042
>> >
>>
>>
>>
>> --
>> Regards,
>> Peter Manev
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 9-11 in Washington, DC:
>> http://oisfevents.net
>
>
>
>
> --
> Brandon Lattin
> Security Analyst
> University of Minnesota - University Information Security
> Office: 612-626-6672
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list