Support #3239
closed
Configure the best performance when running large numbers of files offline
Description
Assuming my Suricata is located on the server and a 1TB pcap file is downloaded daily to the server, Suricata will scan all of that pcap file offline every day. So how do I configure Suricata to work with good performance, fastest, and run in multithreaded mode? If possible, can you give me the YAML source code? Thank you!!
Updated by Victor Julien over 4 years ago
- Priority changed from High to Normal
- Target version changed from 4.1.5 to Support
- Effort deleted (medium)
- Difficulty deleted (high)
Updated by Andreas Herz over 4 years ago
- Assignee set to Community Ticket
So do I understand you correctly, you have a system where you get pcaps and want to run suricata while you feed it with those pcaps?
You don't have the chance to feed the traffic directly?
Are the pcaps split to smaller sizes?
Depending on the memory you should try to set high memcap values.
Updated by Andreas Herz over 3 years ago
- Status changed from New to Closed
Hi, we're closing this issue since there have been no further responses.
If you think this bug is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs