[Oisf-users] High Suricata capture.kernel_drops
Eric Leblond
eric at regit.org
Wed Jul 11 17:44:50 UTC 2018
Hello,
Hi,
On Wed, 2018-07-11 at 14:53 +0000, Cloherty, Sean E wrote:
> Hello Fatema -
>
> SEPTun is a great resource for sure and from that you might want to
> focus first on the CPU affinity and only include those in the same
> NUMA node as the NIC for workers. (See SEPTun page 14)
>
> Some other quick hits –
>
> Set threads to auto and specify which CPUs (by number or range of #s)
> instead of “all” for the workers to use. Also – I think you can
> choose to use CPUs not on the same NUMA node for the
> management-cpu-set so you can save the rest for workers.
> Install the NIC driver from Intel
> In AF-PACKET – enable tpacketv3
> Change the MPM-ALGO to AC-KS
Why are you not using hyperscan? It is supposed to have better
performance than the previous algorithms.
BR,
--
Eric Leblond <eric at regit.org>
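
The tuning points discussed in this thread, put together as a suricata.yaml fragment. This is an added example, not part of either message and not the posters' configuration; the interface name, the CPU numbers and the NUMA layout are assumptions to be replaced with the values of the actual sensor.

```yaml
# Added example (constructed values). Assumed layout: the capture NIC sits on
# NUMA node 0, which owns cores 0-11; cores 12-23 belong to node 1.
# Check the real layout first:
#   cat /sys/class/net/<iface>/device/numa_node
#   lscpu | grep NUMA

threading:
  set-cpu-affinity: yes
  cpu-affinity:
    # Management threads can live on the other NUMA node so that every
    # core local to the NIC stays available for workers.
    - management-cpu-set:
        cpu: [ 12, 13 ]          # assumed: cores on the node without the NIC
    # Workers pinned to an explicit range instead of "all".
    - worker-cpu-set:
        cpu: [ "1-11" ]          # assumed: cores on the NIC's NUMA node
        mode: "exclusive"
        prio:
          default: "high"

af-packet:
  - interface: eth0              # assumed interface name
    threads: auto                # one capture thread per worker core
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    tpacket-v3: yes              # the AF_PACKET setting named in the quoted message

# Multi-pattern matcher. "hs" selects Hyperscan and only works when Suricata
# was built with Hyperscan support; "ac-ks" is the Aho-Corasick variant
# suggested in the quoted message.
mpm-algo: hs
```

`suricata --build-info` reports whether Hyperscan support was compiled in, and `capture.kernel_drops` in stats.log is the counter to compare before and after each change.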