[Oisf-users] Hardware specs for monitoring 100GB

Nelson, Cooper cnelson at ucsd.edu
Tue Jan 14 19:03:57 UTC 2020


The various ‘top’ tools, like htop and iotop, can be used to at least ‘spot check’ live performance and look for issues.  You want to monitor “I/O wait”:

https://unix.stackexchange.com/questions/419168/how-to-find-out-iowait-per-process-on-linux-with-top-command

For example, I found an issue with btrfs where file fragmentation over time was causing periodic long periods of blocked I/O and all Suricata threads sitting idle until the backlog was cleared. Enabling autodefrag for the volume and rebooting resolved this.

-Coop

From: Peter Manev <petermanev at gmail.com>
Sent: Friday, December 27, 2019 12:12 AM
To: Nelson, Cooper <cnelson at ucsd.edu>
Cc: Michał Purzyński <michalpurzynski1 at gmail.com>; Drew Dixon <dwdixon at umich.edu>; Daniel Wallmeyer <Daniel.Wallmeyer at cisecurity.org>; oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Hardware specs for monitoring 100GB

I am trying to find a measurable, consistent, repetitive way of easily figuring out if the system bus becomes a bottleneck, and when, at huge speeds. Any suggestions or pointers are welcome :)
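
One way to turn the I/O-wait spot check discussed in this thread into a repeatable per-thread measurement, as an added example that is not part of the original messages: sample field 42 (`delayacct_blkio_ticks`, per proc(5)) of each thread's `/proc/<pid>/task/<tid>/stat` twice and report the share of the interval spent blocked on block I/O. The function names are hypothetical, and the counter only advances when kernel task delay accounting is enabled.

```python
"""Per-thread block-I/O delay from /proc/<pid>/task/<tid>/stat (Linux only)."""
import os
import sys
import time

def parse_stat(line):
    """Return (comm, state, blkio_ticks) from one /proc/.../stat line."""
    # comm (field 2) is wrapped in parentheses and may itself contain spaces
    # or ')', so split on the LAST ')' instead of splitting on whitespace.
    lpar, rpar = line.index("("), line.rindex(")")
    comm = line[lpar + 1:rpar]
    rest = line[rpar + 1:].split()       # rest[0] is field 3 (state)
    return comm, rest[0], int(rest[39])  # field 42: delayacct_blkio_ticks

def snapshot(pid):
    """Map tid -> (comm, state, blkio_ticks) for every thread of pid."""
    out = {}
    for tid in os.listdir(f"/proc/{pid}/task"):
        try:
            with open(f"/proc/{pid}/task/{tid}/stat") as fh:
                out[int(tid)] = parse_stat(fh.read())
        except (FileNotFoundError, ProcessLookupError):
            pass  # thread exited between listdir() and open()
    return out

def blocked_fraction(before, after, interval_s, hz):
    """Fraction of the interval each surviving thread waited on block I/O."""
    result = {}
    for tid, (comm, state, ticks) in after.items():
        if tid in before:  # skip threads that started during the interval
            delta = ticks - before[tid][2]
            result[tid] = (comm, state, delta / (hz * interval_s))
    return result

if __name__ == "__main__":
    pid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    hz = os.sysconf("SC_CLK_TCK")  # clock ticks per second
    a = snapshot(pid)
    time.sleep(5.0)
    b = snapshot(pid)
    for tid, (comm, state, frac) in sorted(blocked_fraction(a, b, 5.0, hz).items()):
        print(f"{tid:>7} {comm:<16} {state} {frac:6.1%}")
```

Run it with the sensor's PID as the only argument; many worker threads showing a high fraction in state `D` during the same interval matches the stall pattern described above.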

