Project

General

Profile

Actions

Support #2989

closed

suricata parses lowly in a large traffic

Added by John Smith over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Affected Versions:
Label:

Description

When suricata in NFQ mode,and I send a large traffic like 3,840kb/s,It shows a very low speed to parse the packages.I use 'ping' and the return time is 2634ms.So is there a good way to solve this problem?

Actions #1

Updated by Victor Julien over 5 years ago

  • Assignee deleted (Victor Julien)
  • Target version deleted (4.1.5)

Please don't set the target version in new tickets.

Can you describe your setup?

Actions #2

Updated by Andreas Herz over 5 years ago

  • Assignee set to Community Ticket
  • Target version set to Support
Actions #3

Updated by John Smith over 5 years ago

do I need to change somethings in the suricata.yaml? If suricata in the NFQ mode

Actions #4

Updated by Andreas Herz over 5 years ago

John Smith wrote:

do I need to change somethings in the suricata.yaml? If suricata in the NFQ mode

That depends, the only thing necessary is setting the queues when you run suricata (-q parameter).
But without more details about your setup, iptables rules etc. it's hard to tell you what might be the issue.

Actions #5

Updated by Andreas Herz over 5 years ago

  • Status changed from New to Feedback
Actions #6

Updated by Victor Julien over 5 years ago

  • Status changed from Feedback to Closed
Actions

Also available in: Atom PDF