Project

General

Profile

Actions
Copy link

Support #2622

closed

The big difference in execution time between enabled and disabled eve-log

Added by Mark Smith over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

Good afternoon!

After several tests using the same pcap file I noticed that execution time with disabled eve-log much bigger than with enabled one (5-10 times). All other settings was the same.
It seems strange to me.
Can anyone explain me why this happen?

Actions
Copy link
 #1

Updated by Peter Manev over 5 years ago

Can you please share a bit more information on how do you run the test comparison - Suricata version, pcap info (aka 1GB mixed traffic), actual time diff between the runs , run command, suricata --build-info output, what type of rules etc..

Thank you

Actions
Copy link
 #2

Updated by Victor Julien about 5 years ago

  • Status changed from New to Closed
Actions
Copy link

Also available in: Atom PDF