[Oisf-users] [Question] suricata test with pcap-file

[박경호]

Thank you for your response. 
After upgrading to the latest version and testing on Debian,
i will send the result to you.
 
-KyungHo 
-----Original Message-----
From: "Francis Trudeau"<ftrudeau at emergingthreats.net> 
To: <oisf-users at lists.openinfosecfoundation.org>; 
Cc: 
Sent: 2017-01-10 (화) 05:07:00
Subject: Re: [Oisf-users] [Question] suricata test with pcap-file
 
2.0.11 is pretty old now.  Current is 3.2.  I would upgrade and see if that helps. Upgrading on Debian shouldn't be too much of an issue.  It looks like the Debian testing repo has the latest: https://tracker.debian.org/pkg/suricata I have a vague memory of perf testing having bugs in the past.  Others here will surely have more detail. -FT   
On Mon, Jan 9, 2017 at 4:07 AM, 박경호 <pgh5247 at naver.com> wrote:
Hello all.
 
This is first-day joining the suricata-development group.
i am so happy to share the knowledge with you.
 
nowdays, 
i am testing the suricata performance with pcap-files.
I found the wrong result or bug for testing.
 
i had run the suricata repeatly with the same pcap-files.(about 470GB, 60 pcap-files).
But, the result messages are different.(different tuple or different viloation message).
 
please explain to me whether these results are right or wrong?
if these results are wrong, how do i do for make good results(same result message)?
 
i used the suricata 2.0.11 version and pc is intel xeon e5-2620 and 16GB RAM and debian 64bit.
 
Thank you for your email in advance. 


_______________________________________________

Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org

Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/

List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users


 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170110/f7e41087/attachment-0002.html>