[Oisf-users] Suricata Performance Tuning
Edgmand, Craig
craig.edgmand at okstate.edu
Thu Aug 30 15:03:32 UTC 2018
Hello,
I am working on a new Suricata server (Dell PowerEdge R710, 72 Gb of memory, 2 6 core procs) using a Myricom 10 card running snf v3. It needs to process between 3 and 6 Gb of traffic fed by a NetOptics agg tap.
Currently the system is dropping about 10% of the packets and the SNF drop ring is full so that implies that Suricata is not keeping up with processing. I currently have 20 threads running and about 16 Gb of free memory.
I have read SEPTun, SEPTun-Mark-II, the Suricata docs, the Myricom user guide, Peter Manev old blogs, etc...
And what I want to know is what performance tuning options have the greatest impact? Outside of buying faster processors, more memory or a different nic card. :)
Is it the suricata.yaml configuration options?
Is it hyperscan?
Sysctl settings?
Ethtool tweaks?
BIOS setting?
CPU Pinning?
???
Thanks very much,
Craig Edgmand
Oklahoma State University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180830/2cf719ae/attachment.html>
More information about the Oisf-users
mailing list