[Oisf-users] Suricata 4.0.3 with Napatech problems

Steve Castellarin steve.castellarin at gmail.com
Tue Jan 30 21:07:22 UTC 2018 

Oh sorry.  In one instance it took 20-25 minutes.  Another took an hour.
In both cases the bandwidth utilization was under 1Gbps.

On Tue, Jan 30, 2018 at 4:06 PM, Peter Manev <petermanev at gmail.com> wrote:

> On Tue, Jan 30, 2018 at 9:46 PM, Steve Castellarin
> <steve.castellarin at gmail.com> wrote:
> > It will stay 100% for minutes, etc - until I kill Suricata.  The same
> goes
> > with the associated host buffer - it will continually drop packets.  If
> I do
> > not stop Suricata, eventually a second CPU/host buffer pair will hit that
> > 100% mark, and so on.  I've had instances where I've let it go to 8 or 9
> > CPU/buffers at 100% before I killed it - hoping that the original CPU(s)
> > would recover but they don't.
> >
>
> I meant something else.
> In previous runs you mentioned that one or more buffers start hitting
> 100% right after 15 min.
> In the two previous test runs - that you tried with 1/2 the ruleset -
> how long did it take before you started seeing any buffer hitting 100%
> ?
>
> > On Tue, Jan 30, 2018 at 3:34 PM, Peter Manev <petermanev at gmail.com>
> wrote:
> >>
> >> On Tue, Jan 30, 2018 at 8:49 PM, Steve Castellarin
> >> <steve.castellarin at gmail.com> wrote:
> >> > Hey Peter,
> >> >
> >> > Unfortunately I continue to have the same issues with a buffer
> >> > overflowing
> >> > and a CPU staying at 100%, repeating over multiple buffers and CPUs
> >> > until I
> >> > kill the Suricata process.
> >>
> >> For what period of time o you get to the 100% ?
> >>
> >> >
> >> > On Thu, Jan 25, 2018 at 9:14 AM, Steve Castellarin
> >> > <steve.castellarin at gmail.com> wrote:
> >> >>
> >> >> OK I'll create a separate bug tracker on Redmine.
> >> >>
> >> >> I was able to run 4.0.3 with a smaller ruleset (13,971 versus 29,110)
> >> >> for
> >> >> 90 minutes yesterday, without issue, before I had to leave.  I'm
> >> >> getting
> >> >> ready to run 4.0.3 again to see how it runs and for how long.  I'll
> >> >> update
> >> >> with results.
> >> >>
> >> >> On Thu, Jan 25, 2018 at 9:00 AM, Peter Manev <petermanev at gmail.com>
> >> >> wrote:
> >> >>>
> >> >>> On Wed, Jan 24, 2018 at 6:27 PM, Steve Castellarin
> >> >>> <steve.castellarin at gmail.com> wrote:
> >> >>> > If a bug/feature report is needed - would that fall into Bug #2423
> >> >>> > that
> >> >>> > I
> >> >>> > opened on Redmine last week?
> >> >>> >
> >> >>>
> >> >>> Separate is probably better.
> >> >>>
> >> >>> > As for splitting the rules, I'll test that out and let you know
> what
> >> >>> > happens.
> >> >>> >
> >> >>>
> >> >>>
> >> >>> --
> >> >>> Regards,
> >> >>> Peter Manev
> >> >>
> >> >>
> >> >
> >>
> >>
> >>
> >> --
> >> Regards,
> >> Peter Manev
> >
> >
>
>
>
> --
> Regards,
> Peter Manev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180130/221d08c2/attachment-0002.html>

More information about the Oisf-users mailing list