[Oisf-users] Grows the value 'TCP reassembly gaps'
Andreas Herz
andi at geekosphere.org
Wed Feb 15 20:27:51 UTC 2017
On 14/02/17 at 11:30, Бунин Владимир wrote:
> Hello!
> I tried to find the solution on the Internet but only in one post
> ([1]https://lists.openinfosecfoundation.org/pipermail/oisf-users/2012-A
> pril/001560.html) was said that this value means the counter of lost
> packets. Why does it happen? The counter of kernel dropped packets is
> clean, others problem indicators are clean too. But TCP reassembly gaps
> grows extremely. Can it be because of slow speed of hard drive? Or CPU
> speed? At the same time CPU and memory are not overloaded. CPU
> utilization is about 20%, sometimes increases to 70%, total memory is
> 16Gb, available 11Gb.
Could you be a little more verbose about your setup and how you run
suricata, like runmode/packetcapture and version?
--
Andreas Herz
More information about the Oisf-users
mailing list