[Oisf-users] [Question] suricata test with pcap-file

Francis Trudeau ftrudeau at emergingthreats.net
Mon Jan 9 20:07:00 UTC 2017


2.0.11 is pretty old now.  Current is 3.2.  I would upgrade and see if that
helps.

Upgrading on Debian shouldn't be too much of an issue.  It looks like the
Debian testing repo has the latest:

https://tracker.debian.org/pkg/suricata

I have a vague memory of perf testing having bugs in the past.  Others here
will surely have more detail.

-FT




On Mon, Jan 9, 2017 at 4:07 AM, 박경호 <pgh5247 at naver.com> wrote:

> Hello all.
>
> This is my first day joining the suricata-development group.
> I am so happy to share knowledge with you.
>
> Nowadays, I am testing Suricata performance with pcap files.
> I found a wrong result or a bug while testing.
>
> I ran Suricata repeatedly with the same pcap files (about 470GB, 60
> pcap files).
> But the result messages are different (different tuple or different
> violation message).
>
> Please explain to me whether these results are right or wrong.
> If these results are wrong, what do I do to get good results (the same
> result messages)?
>
> I used Suricata version 2.0.11, and the PC is an Intel Xeon E5-2620 with
> 16GB RAM and Debian 64-bit.
>
> Thank you for your email in advance.