[Oisf-users] Suricata - Raspberry Pi
hkn kyn
hakan.eko2013 at gmail.com
Fri Aug 23 10:24:54 UTC 2019
Hello all,
It was my mistake that I have checked the output of tcpreplay not stats.log
for the packet drops. Now I can clearly see that at higher data rates there
are more packet drops which results with less generated number of alerts. I
have jsut one question.
If the workers mode is performing best in general why the default is autofp?
On Thu, 22 Aug 2019 at 23:29, hkn kyn <hakan.eko2013 at gmail.com> wrote:
> Hello all,
>
> I am currently testing Suricata 4.1.4 on Raspberry Pi 3B+. I am replaying
> pcap files with mixed network traffic to Pi and performing intrusion
> detection tests. I have replayed the traffic from 50 Mbit/s to 340 Mbit/s
> (as it is highest due to shared bus) and I have observed that generated
> number of alerts are significantly less at higher data transfer rates even
> though there are no packet drops. What may be the reason for this?
>
> Note: Suricata run on autofp mode.
>
> Best regards,
> --
> Hakan
>
--
Best Regard,
Hakan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190823/8b6ed076/attachment.html>
More information about the Oisf-users
mailing list