[Oisf-users] multicore http requests logging

Michał D michu162 at gmail.com
Tue Sep 27 06:43:09 UTC 2016


Hello,

I would like to use suricata only to log incoming http requests and save
them as json into a file (http.json).
I have a server with two 10G interfaces where I'm receiving mirrored traffic,
48GB of RAM and an Intel(R) Xeon(R) CPU E5540 2.53GHz with 16 cores.
You can find the suricata configuration and build-info here:
http://pastebin.com/CriMdqJP

Currently it works in PCAP mode, but I can see 100% usage only of 2 CPU
cores and a lot of drops.
(/usr/bin/suricata -c /etc/suricata/suricata.yaml --disable-detection
--pidfile /var/run/suricata.pid --pcap=p2p1 --pcap=p2p2 -D -vvv -F
/etc/suricata/bpf_filter.txt)

How should I configure & run suricata to have no drops and use all cores?

Regards
Michal