Suricata
suricata-6.0.1
  • 1. What is Suricata
  • 2. Quickstart guide
  • 3. Installation
  • 4. Upgrading
  • 5. Command Line Options
  • 6. Suricata Rules
  • 7. Rule Management
  • 8. Making sense out of Alerts
  • 9. Performance
    • 9.1. Runmodes
    • 9.2. Packet Capture
    • 9.3. Tuning Considerations
    • 9.4. Hyperscan
    • 9.5. High Performance Configuration
    • 9.6. Statistics
    • 9.7. Ignoring Traffic
    • 9.8. Packet Profiling
    • 9.9. Rule Profiling
    • 9.10. Tcmalloc
    • 9.11. Performance Analysis
  • 10. Configuration
  • 11. Reputation
  • 12. Init Scripts
  • 13. Setting up IPS/inline for Linux
  • 14. Setting up IPS/inline for Windows
  • 15. Output
  • 16. Lua support
  • 17. File Extraction
  • 18. Public Data Sets
  • 19. Using Capture Hardware
  • 20. Interacting via Unix Socket
  • 21. 3rd Party Integration
  • 22. Man Pages
  • 23. Acknowledgements
  • 24. Licenses
Suricata
  • Docs »
  • 9. Performance
  • Edit on GitHub

9. PerformanceΒΆ

  • 9.1. Runmodes
    • 9.1.1. Different runmodes
  • 9.2. Packet Capture
    • 9.2.1. Load balancing
    • 9.2.2. RSS
    • 9.2.3. Offloading
    • 9.2.4. Recommendations
  • 9.3. Tuning Considerations
    • 9.3.1. max-pending-packets: <number>
    • 9.3.2. mpm-algo: <ac|hs|ac-bs|ac-ks>
    • 9.3.3. detect.profile: <low|medium|high|custom>
    • 9.3.4. detect.sgh-mpm-context: <auto|single|full>
    • 9.3.5. af-packet
    • 9.3.6. ring-size
    • 9.3.7. stream.bypass
  • 9.4. Hyperscan
    • 9.4.1. Introduction
    • 9.4.2. Compilation
    • 9.4.3. Using Hyperscan
    • 9.4.4. Ubuntu Hyperscan Installation
      • 9.4.4.1. libboost headers
      • 9.4.4.2. Trusty
      • 9.4.4.3. Hyperscan
  • 9.5. High Performance Configuration
    • 9.5.1. NIC
    • 9.5.2. CPU affinity and NUMA
      • 9.5.2.1. Intel based systems
      • 9.5.2.2. AMD based systems
      • 9.5.2.3. Other considerations
  • 9.6. Statistics
    • 9.6.1. stats.log file
      • 9.6.1.1. Detecting packet loss
    • 9.6.2. Kernel drops
    • 9.6.3. Tools to plot graphs
  • 9.7. Ignoring Traffic
    • 9.7.1. capture filters (BPF)
      • 9.7.1.1. BPF and IPS
    • 9.7.2. pass rules
    • 9.7.3. suppress
    • 9.7.4. encrypted traffic
    • 9.7.5. bypassing traffic
  • 9.8. Packet Profiling
  • 9.9. Rule Profiling
  • 9.10. Tcmalloc
    • 9.10.1. Installation
    • 9.10.2. Usage
  • 9.11. Performance Analysis
    • 9.11.1. System Load
    • 9.11.2. Logfiles
    • 9.11.3. Suricata Load
    • 9.11.4. Traffic
      • 9.11.4.1. Basics
      • 9.11.4.2. Advanced
      • 9.11.4.3. Elephant Flows
    • 9.11.5. Rules
Next Previous

© Copyright 2016-2019, OISF Revision e860b9ee.

Built with Sphinx using a theme provided by Read the Docs.
Read the Docs v: suricata-6.0.1
Versions
latest
suricata-6.0.1
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-6.0.0
suricata-5.0.5
suricata-5.0.4
suricata-5.0.3
suricata-5.0.2
suricata-5.0.1
suricata-5.0.0-rc1
suricata-5.0.0-beta1
suricata-5.0.0
suricata-4.1.9
suricata-4.1.8
suricata-4.1.7
suricata-4.1.6
suricata-4.1.5
suricata-4.1.4
suricata-4.1.3
suricata-4.1.2
suricata-4.1.10
suricata-4.1.1
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.1.0-beta1
suricata-4.1.0
suricata-4.0.7
suricata-4.0.6
suricata-4.0.5
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-4.0.1
suricata-4.0.0-rc2
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-4.0.0
suricata-3.2rc1
suricata-3.2beta1
suricata-3.2.5
suricata-3.2.4
suricata-3.2.3
suricata-3.2.2
suricata-3.2.1
suricata-3.2
Downloads
pdf
html
epub
On Read the Docs
Project Home
Builds
Free document hosting provided by Read the Docs.