[Oisf-users] suricata high CPU load
Andreas Herz
andi at geekosphere.org
Wed Feb 1 21:18:56 UTC 2017
On 01/02/17 at 08:20, Vieri wrote:
> At times I get very high CPU load when running Suricata in IPS inline mode.
With which specs Hardware/Traffic?
> I configured iptables to load-balance NFQUEUE 0:1. I would like to know what the pros and cons are performance-wise if:
>
> 1) I run 2 suricata processes on each queue (ie. suricata -q 0 AND suricata -q 1)
>
> 2) I run only one suricata process on multiple queues (ie. suricata -q 0 -q 1)
Without scientific data to support my suggestion but I played with that
as well and using one suricata for multiple queues wasn't really faster
but did use less cpu. Since suricata is multithreaded I see no need to
split it in two different suricata processes, especially if they have
the same config (despite the queue attached).
--
Andreas Herz
More information about the Oisf-users
mailing list