[Oisf-users] 40GB inspection and I/O write speed concerns

Peter Manev petermanev at gmail.com
Mon Jul 22 15:13:46 UTC 2019


> On 22 Jul 2019, at 08:34, Jeremy A. Grove <jgrove at quadrantsec.com> wrote:
> 
> Hi All,
> 
> I am looking for advice. We are working on setting up a machine for potential 40GB a second on inspection. Our concern comes in the write speed of the I/O to disk, as the meta-data that Suricata creates is important to us. Does anyone have experience with this? I have listed some of our setup below. Are there any suggestions or known issues that I should be aware of?
> 

My five cents to start with:
I would split the logging per event_type and only log what is needed, not just everything, as some logs, depending on the traffic, could be very, very verbose, like dns/fileinfo on a university network etc.
Also filter out, if possible with a BPF (or on the mirror/tap), what is not relevant too.



> DL360 Gen 10
> P408I-A (Raid Card)
> 4 x 2TB SSD in RAID 10 (Part number 877788-B21) 
> Mixed use SSDs
> 
> 
> Thanks!
> 
> Jeremy Grove, SSCP
> Security Engineer
> Quadrant Information Security
> 
> 
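As an added illustration of the per-event_type split and BPF filtering suggested above (this fragment is not part of the original thread, and the interface name, file names and filter expression are assumptions), one way to lay this out in suricata.yaml:

```yaml
# Added example: drop traffic that will never be inspected before it reaches
# Suricata, and write one EVE file per event class so each can be rotated,
# shipped or disabled on its own instead of one huge eve.json.
af-packet:
  - interface: ens2f0          # assumption: capture interface name
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    # assumption: the mirror carries backup traffic on this port that is not
    # relevant to inspection; anything excluded here is never logged at all
    bpf-filter: "not (tcp port 10000)"

outputs:
  # Alerts: small volume, always wanted, keep rule metadata for triage.
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve-alerts.json
      types:
        - alert:
            metadata: yes
  # Flow records: moderate volume, useful for IR timelines.
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve-flow.json
      types:
        - flow
  # DNS: potentially the noisiest stream on a large network; log answers
  # only, so every outbound query does not become its own record.
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve-dns.json
      types:
        - dns:
            version: 2
            requests: no
            answers: yes
  # fileinfo and http are deliberately not listed: with nothing enabling
  # them, Suricata writes no records for those event types.
```

Each eve-log entry is an independent writer, so disk pressure from one noisy class (dns, fileinfo) no longer delays alert records, and a class can be switched off by setting its `enabled: no` without touching the others.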

