[Oisf-users] Myricom and Suricata

Michał Purzyński michalpurzynski1 at gmail.com
Mon Aug 27 21:42:19 UTC 2018 

Here is a short script I use to run Suricata on Myricom. Not that this configuration makes any sense since 2016 you're better off with Intel X710.


#!/bin/bash

CPU_NUM=`cat /proc/cpuinfo | grep -E 'model name' | wc -l`

if [[ "${CPU_NUM}" -eq 32 ]]; then
    export SNF_NUM_RINGS=16
elif [[ "${CPU_NUM}" -eq 56 ]]; then
    export SNF_NUM_RINGS=28
else
    exit 1;
fi

(that part is just a nice to have, export SNF_NUM_RINGS to whatever you want)

(change to match your deployment of course, keep the dataring 4x the descring size)

export LD_LIBRARY_PATH=/opt/snf/lib
export SNF_DATARING_SIZE=34359738368
export SNF_DESCRING_SIZE=8589934592

(Export this to get useful debug messages during startup. Does not impact the runtime performance)

export SNF_DEBUG_MASK=0x3

/opt/suricata/bin/suricata -c /etc/nsm/suricata.yaml --pcap=snf0


If that fails, please send full log to the mailng list.

--
M.

> On Aug 27, 2018, at 2:00 PM, Victor Julien <lists at inliniac.net> wrote:
> 
>> On 27-08-18 22:26, Edgmand, Craig wrote:
>> I edited the pcap entry in suricata.yaml
>> 
>> pcap:
>>   - interface: p1p1
>>     threads: 16
>>     buffer-size: 2gb
>>     promisc: no
>> 
>> I ran variations of this command..
>> 
>> # SNF_NUM_RINGS=16 SNF_DEBUG_MASK=3 SNF_DATARING_SIZE=4294967296
>> SNF_DESCRING_SIZE=1073741824 /opt/suricata/bin/suricata -i p1p1 -c
>> /opt/suricata/etc/suricata/suricata.yaml -v --runmode=workers
>> 
>> After running these you look at myri_counters it shows no packets using
>> the sniffer interface.
>> 
>>                      SNF recv pkts:                    0
>>                 SNF drop ring full:                    0
>> 
>> If you try to run the tests using the snf0 interface, suricata dies.
> 
> How does it die? Any errors?
> 
> 
>> Any thoughts?  I have reviewed the documentation from Myricom and
>> Suricata as well.
>> 
>> Thanks,
> 
> What happens if you replace -i p1p1 with --pcap=p1p1 ?
> 
> 
> 
> -- 
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> 
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180827/08e72fb4/attachment-0001.html>

More information about the Oisf-users mailing list