[Oisf-users] High Suricata capture.kernel_drops
Cooper F. Nelson
cnelson at ucsd.edu
Fri Jul 13 21:42:36 UTC 2018
Doubling the size of the ring-size setting in the af-packet config
should cut your packet drops in half. It's up to you to decide how to
balance memory utilization vs. packet drops. Also, setting it too high
can cause problems, but I've gone up to a 1000000 packets without issue
(provided you have enough memory).
-Coop
On 7/13/2018 1:49 PM, fatema bannatwala wrote:
> Yeah, We are already filtering out Netflix and other un-wanted traffic
> to be monitored on gigamon.
> I have applied all the ethtool settings mentioned on this list and the
> suggested cpu-set settings by Sean,
> and now the loss has reduced to ~1.8% roughly.
> I will try the Mem settings tuning Michal has suggested and see if I
> can get the numbers down even more, because
> we are not seeing very heavy traffic currently because of summer, but
> in fall the flow rate will be much higher than what Suri sensor
> currently is seeing.
>
> Hence, this time is the best to tune it down so that we don't have any
> heavy loses when the traffic is in full swing.
>
> Thanks,
> Fatema.
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180713/b6cc3df7/attachment-0001.sig>
More information about the Oisf-users
mailing list