Support #3239
closed
Configure the best performance when running large numbers of files offline
Added by dong duy over 4 years ago.
Updated over 3 years ago.
Description
Assume my Suricata is located on the server and a 1TB pcap file is downloaded to the server daily. Suricata will scan all of that pcap file offline every day. So how do I configure Suricata to work with good performance, as fast as possible, and run in multithreaded mode? If possible, can you give me the YAML source code? Thank you!!
- Priority changed from High to Normal
- Target version changed from 4.1.5 to Support
- Effort deleted (medium)
- Difficulty deleted (high)
- Assignee set to Community Ticket
So do I understand you correctly, you have a system where you get pcaps and want to run Suricata while you feed it with those pcaps?
You don't have the chance to feed the traffic directly?
Are the pcaps split to smaller sizes?
Depending on the memory you should try to set high memcap values.
- Status changed from New to Closed