[Oisf-users] Massive kernel drops with HTTP traffic

Konstantin Klinger konstantin.klinger at dcso.de
Fri Aug 17 13:24:31 UTC 2018



On 17.08.2018 15:21, Michael Stone wrote:
> On Thu, Aug 16, 2018 at 04:00:08PM +0200, you wrote:
>>> On 16-08-18 14:49, Konstantin Klinger wrote:
>>>> we have some issues with massive capture.kernel_drops (~30-50%) on some
>>>> of our high traffic (>5Gbit/s per interface) 4.1.0dev Suricata
>>>> instances
>>>> (af_packet). What we found curious about the issue is that there is no
>>>> associated heavy CPU load.
> [...]
>> We have the same problems with 4.0.* stable.
> 
> Do you have filemagic enabled?

Yes. We currently use filestore v1. And we use the filemagic value in
our rules for filestoring.

-- 
Konstantin Klinger
Security Content Engineer
Threat Detection & Hunting (TDH)

+49 160 95476260
konstantin.klinger at dcso.de

dcso.de
blog.dcso.de

PGP: 180D C5B3 3C68 5C9A FB58 6F33 400E 5A35 3307 8D46
 
DCSO Deutsche Cyber-Sicherheitsorganisation GmbH • EUREF-Campus
22 • D-10829 Berlin
Managing Director: Dr.-Ing. Gunnar Siebert, Registered office: Berlin,
Amtsgericht Charlottenburg HRB 172382

