[Oisf-users] suricata 3.2.0 for 10Gb performance
erik clark
philosnef at gmail.com
Tue Jan 24 15:30:53 UTC 2017
I am seeing packets truncated at about 1 or 2 with tpacket_v3 running. With
the default of 1514, I was not seeing packets truncated unless I had bro
and suricata running at the same time. Not sure why that might have been.
Still waiting on a response from RH, but this appears to work combined with
the ixgbe patch on RHEL7.
On Fri, Jan 20, 2017 at 5:28 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> Look for log entries with "trunc_pkt" in the stats.log file to see if
> you aren't capturing full packets.
>
> You have to explicitly enable the tpacket-v3 setting in suricata.yaml to
> make use of it.
>
> -Coop
>
> On 1/20/2017 2:11 PM, erik clark wrote:
> > Interesting. I will doublecheck with RH on Monday regarding tpacket-v3 in
> > RHEL7. I know that 6 isn't compliant though.
>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170124/6808c6f1/attachment-0002.html>
More information about the Oisf-users
mailing list