[Oisf-users] Suricata dropped 100% traffic
Andreas Herz
andi at geekosphere.org
Mon May 28 22:13:41 UTC 2018
Hi,
can you provide us with more details? In general af_packet is
recommended for such high-speed networks, pcap certainly has its limits.
On 29/05/18 at 10:08, Qinwen Hu wrote:
> HI all,
>
> I am using Suricata 4.0.4 in our high-speed network that produces 100Gb
> throughput per second. We use Suricata 4.0.4 with the default
> configuration. The Daq is pcap. Our result shows Suricata's drop rate is
> 100%. I'm a bit clueless what's wrong with this setup. Anyone willing to
> help? By contrast, we tried the af_packet with the same configuration; the
> drop rate decreased to 0%.
>
>
> Best regards,
>
> Steven
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
--
Andreas Herz
More information about the Oisf-users
mailing list