[Oisf-users] 40GB inspection and I/O write speed concerns
Nelson, Cooper
cnelson at ucsd.edu
Mon Jul 22 15:23:55 UTC 2019
I setup something like this.
You should be fine given you have SSDs. I would recommend using the btrfs filesystem with lzop compression enabled, as the EVE JSON format compresses very well.
-Coop
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Jeremy A. Grove
Sent: Monday, July 22, 2019 7:35 AM
To: oisf-users <oisf-users at lists.openinfosecfoundation.org>
Subject: [Oisf-users] 40GB inspection and I/O write speed concerns
Hi All,
I am looking for advice. We are working on setting up a machine for potential 40GB a second on inspection. Our concern comes in the write speed of the I/O to disk as the meta-data that Suricata creates is important to us. Does anyone have experience with this? I have listed some of our set up below. Are there any suggestions or known issues that I should be aware of.
DL360 Gen 10
P408I-A (Raid Card)
4 x 2TB SSD in RAID 10 (Part number 877788-B21)
Mixed use SSDs
Thanks!
Jeremy Grove, SSCP
Security Engineer
Quadrant Information Security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190722/9bf845a1/attachment-0001.html>
More information about the Oisf-users
mailing list