Project

General

Profile

Actions
Copy link

Support #2989

closed
JS CT

suricata parses lowly in a large traffic

Support #2989: suricata parses lowly in a large traffic

Added by John Smith almost 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Community Ticket
Affected Versions:
4.0.5
Label:

Description

When suricata in NFQ mode,and I send a large traffic like 3,840kb/s,It shows a very low speed to parse the packages.I use 'ping' and the return time is 2634ms.So is there a good way to solve this problem?

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
 #1

  • Assignee deleted (Victor Julien)
  • Target version deleted (4.1.5)

Please don't set the target version in new tickets.

Can you describe your setup?

AH Updated by Andreas Herz almost 7 years ago Actions
Copy link
 #2

  • Assignee set to Community Ticket
  • Target version set to Support

JS Updated by John Smith almost 7 years ago Actions
Copy link
 #3

do I need to change somethings in the suricata.yaml? If suricata in the NFQ mode

AH Updated by Andreas Herz over 6 years ago Actions
Copy link
 #4

John Smith wrote:

do I need to change somethings in the suricata.yaml? If suricata in the NFQ mode

That depends, the only thing necessary is setting the queues when you run suricata (-q parameter).
But without more details about your setup, iptables rules etc. it's hard to tell you what might be the issue.

AH Updated by Andreas Herz over 6 years ago Actions
Copy link
 #5

  • Status changed from New to Feedback

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #6

  • Status changed from Feedback to Closed
Actions
Copy link

Also available in: PDF Atom