Support #3239

closed

Configure the best performance when running large numbers of files offline

Added by dong duy over 4 years ago. Updated over 3 years ago.

Status: Closed
Priority: Normal
Affected Versions:
Label:

Description

Assume my Suricata is located on the server and a 1TB pcap file is downloaded daily to the server. Suricata will scan all of that pcap file offline every day. So how do I configure Suricata to work with good performance, as fast as possible, and run in multithreaded mode? If possible, can you give me the YAML source code? Thank you!!

Actions #1

Updated by Victor Julien over 4 years ago

  • Priority changed from High to Normal
  • Target version changed from 4.1.5 to Support
  • Effort deleted (medium)
  • Difficulty deleted (high)

Actions #2

Updated by Andreas Herz over 4 years ago

  • Assignee set to Community Ticket

So do I understand you correctly: you have a system where you get pcaps and want to run Suricata while you feed it with those pcaps?
You don't have the chance to feed the traffic directly?
Are the pcaps split into smaller sizes?
Depending on the memory, you should try to set high memcap values.

Actions #3

Updated by Andreas Herz over 3 years ago

  • Status changed from New to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this bug is still relevant, try to test it again with the
most recent version of Suricata and reopen the issue. If you want to
improve the bug report, please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs
