[Oisf-users] High Suricata capture.kernel_drops
Cloherty, Sean E
scloherty at mitre.org
Wed Jul 11 18:19:11 UTC 2018
First get the NUMA node for the CPUs – lscpu should provide that in the last two lines of the output.
Find your NICs NUMA node 1st and go from there for affinity settings cat /sys/class/net/em1/device/numa_node
Update the drivers for the NIC - https://downloadcenter.intel.com/download/24411/Intel-Network-Adapter-Driver-for-PCIe-40-Gigabit-Ethernet-Network-Connections-Under-Linux-?product=82947
(Just remember that you will need to repeat this after any kernel updates)
From: fatema bannatwala [mailto:fatema.bannatwala at gmail.com]
Sent: Wednesday, July 11, 2018 13:55 PM
To: Cloherty, Sean E <scloherty at mitre.org>
Cc: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] High Suricata capture.kernel_drops
Hi Sean,
Thanks for some quick points and recommendations.
I will work through those, and see if it helps.
The documentation refers the tuning assuming two NICs p1p1 and p1p3, which was getting me confused, as I only have single NIC with 20 cores and 40 online threads, so was struggling to set the config options right in the yaml file for cpu_affinity. I will try the hard coded method instead of all and see if it helps.
Fatema.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180711/08259c9e/attachment.html>
More information about the Oisf-users
mailing list