Eve-log output data
I have compiled suricata with netmap as well as pf_ring. When i tried both capture mode surprisingly with same other configurations their eve-log output is lot different. PF_Ring eve-log output is appx 10x than netmap.
RSS value in both case is 1.
eve-log output to redis list.
eve-log output stats.capture.kernel_drop value is zero in case of netmap while in case of pf_ring value is greater than 1.
After engine stopped, PF_Ring stats says drop percentage is appx. 40% with data rate 5-10gbps, while in case of netmap i got an error
ERRCODE: S_ERROR_FATAL(171) Engine unable to disable to detect thread - 'w#02-ens192' killing engine
Can anybody help me what i am doing wrong?