[Oisf-users] High ICMP Ping Latency in Workers Runmode
Andreas Herz
andi at geekosphere.org
Tue Feb 7 21:08:10 UTC 2017
On 04/02/17 at 18:08, Peter Fyon wrote:
> Linux suricata 3.16.0-77-generic #99~14.04.1-Ubuntu SMP Tue Jun 28 19:17:10
> UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Could you try a more recent kernel? There have been improvements with
af_packet.
> Command line:
> /usr/bin/suricata -c /etc/suricata/suricata.yaml --pid file
> /var/run/suricata.pid --af-packet -D -vvv
Could you paste the output from suricata with verbose mode somewhere?
> Server specs:
> Intel g3258 cpu (2 cores @ 3.2ghz)
> 8gb ram
> Some cheap Realtek gigabit nics for capture, onboard nic for management
CPU and RAM should be fine for some mbit/s.
The cheap realtek might be the issue as well. Do you see anything
relevant in the syslog?
You said you removed all rules and had the same issue then with zero
rules loaded. Do you have the ping issue while other traffic is going on
or can you even reproduce it without any other traffic or with low
traffic?
--
Andreas Herz
More information about the Oisf-users
mailing list