[Oisf-users] Suricata 4.0.3 with Napatech problems
Steve Castellarin
steve.castellarin at gmail.com
Tue Jan 30 20:46:23 UTC 2018
It will stay 100% for minutes, etc - until I kill Suricata. The same goes
with the associated host buffer - it will continually drop packets. If I
do not stop Suricata, eventually a second CPU/host buffer pair will hit
that 100% mark, and so on. I've had instances where I've let it go to 8 or
9 CPU/buffers at 100% before I killed it - hoping that the original CPU(s)
would recover but they don't.
On Tue, Jan 30, 2018 at 3:34 PM, Peter Manev <petermanev at gmail.com> wrote:
> On Tue, Jan 30, 2018 at 8:49 PM, Steve Castellarin
> <steve.castellarin at gmail.com> wrote:
> > Hey Peter,
> >
> > Unfortunately I continue to have the same issues with a buffer
> overflowing
> > and a CPU staying at 100%, repeating over multiple buffers and CPUs
> until I
> > kill the Suricata process.
>
> For what period of time o you get to the 100% ?
>
> >
> > On Thu, Jan 25, 2018 at 9:14 AM, Steve Castellarin
> > <steve.castellarin at gmail.com> wrote:
> >>
> >> OK I'll create a separate bug tracker on Redmine.
> >>
> >> I was able to run 4.0.3 with a smaller ruleset (13,971 versus 29,110)
> for
> >> 90 minutes yesterday, without issue, before I had to leave. I'm getting
> >> ready to run 4.0.3 again to see how it runs and for how long. I'll
> update
> >> with results.
> >>
> >> On Thu, Jan 25, 2018 at 9:00 AM, Peter Manev <petermanev at gmail.com>
> wrote:
> >>>
> >>> On Wed, Jan 24, 2018 at 6:27 PM, Steve Castellarin
> >>> <steve.castellarin at gmail.com> wrote:
> >>> > If a bug/feature report is needed - would that fall into Bug #2423
> that
> >>> > I
> >>> > opened on Redmine last week?
> >>> >
> >>>
> >>> Separate is probably better.
> >>>
> >>> > As for splitting the rules, I'll test that out and let you know what
> >>> > happens.
> >>> >
> >>>
> >>>
> >>> --
> >>> Regards,
> >>> Peter Manev
> >>
> >>
> >
>
>
>
> --
> Regards,
> Peter Manev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180130/ddb743c4/attachment-0002.html>
More information about the Oisf-users
mailing list