[Oisf-users] Can't start AF_PACKET in Workers mode?
Cloherty, Sean E
scloherty at mitre.org
Mon Mar 28 19:47:33 UTC 2016
( buried in an earlier email about a different topic . . . )
An odd behavior I am noticing is that despite setting the afpacket mode to workers, both in the yaml file and on the command line, the start messages always notes autofp mode. Am I reading that correctly? What could cause that? I am running in IDS mode in case that is of note.
When I start up - the last line is as below.
24/3/2016 -- 13:32:30 - <Notice> - This is Suricata version 3.0 RELEASE
24/3/2016 -- 13:32:30 - <Info> - CPUs/cores online: 32
24/3/2016 -- 13:32:30 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
24/3/2016 -- 13:32:30 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 42119 and 'response-body-inspect-window' set to 16872 after randomization.
24/3/2016 -- 13:32:30 - <Info> - DNS request flood protection level: 500
24/3/2016 -- 13:32:30 - <Info> - DNS per flow memcap (state-memcap): 524288
24/3/2016 -- 13:32:30 - <Info> - DNS global memcap: 16777216
24/3/2016 -- 13:32:30 - <Info> - Protocol detection and parser disabled for modbus protocol.
24/3/2016 -- 13:32:30 - <Info> - Found an MTU of 1500 for 'ens1f1'
24/3/2016 -- 13:32:30 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
24/3/2016 -- 13:32:30 - <Info> - preallocated 65535 defrag trackers of size 168
24/3/2016 -- 13:32:30 - <Info> - defrag memory usage: 14679896 bytes, maximum: 2147483648
24/3/2016 -- 13:32:30 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
Sean Cloherty
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160328/558497ba/attachment.html>
More information about the Oisf-users
mailing list