[Oisf-users] High Suricata capture.kernel_drops

fatema bannatwala fatema.bannatwala at gmail.com
Fri Jul 13 20:49:43 UTC 2018


Yeah, we are already filtering out Netflix and other unwanted traffic to
be monitored on Gigamon.
I have applied all the ethtool settings mentioned on this list and the
suggested cpu-set settings by Sean,
and now the loss has reduced to ~1.8% roughly.
I will try the Mem settings tuning Michal has suggested and see if I can
get the numbers down even more, because
we are not seeing very heavy traffic currently because of summer, but in
fall the flow rate will be much higher than what the Suri sensor is
currently seeing.

Hence, this time is the best to tune it down so that we don't have any
heavy losses when the traffic is in full swing.

Thanks,
Fatema.

On Fri, Jul 13, 2018 at 4:42 PM, Cloherty, Sean E <scloherty at mitre.org>
wrote:

> If there are some huge flows from sources which you aren’t interested in
> monitoring, you might want to filter them out on the Gigamon.  Youtube for
> instance or whatever else might be in your environment.
>
>
>
> *From:* Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> *On
> Behalf Of *fatema bannatwala
> *Sent:* Friday, July 13, 2018 13:49 PM
> *To:* Kerry.Milestone at ed.ac.uk
> *Cc:* oisf-users at lists.openinfosecfoundation.org
> *Subject:* Re: [Oisf-users] High Suricata capture.kernel_drops
>
>
>
> Hi Kerry,
>
>
>
> The traffic is being forwarded via Gigamon mirroring port to the sensor
> SFP interface. The copper DAC SFP+ cable is connected between the sensor
> and the gigamon for the 10gig interface.
>
>
>
> Thanks for the ethtool settings, will see if that helps.
>
>
>
> Fatema.
>
>
>