Suricata
devguide/frame-support/v11
9. Performance
9.1. Runmodes
9.1.1. Different runmodes
9.2. Packet Capture
9.2.1. Load balancing
9.2.2. RSS
9.2.3. Offloading
9.2.4. Recommendations
9.3. Tuning Considerations
9.3.1. max-pending-packets: <number>
9.3.2. mpm-algo: <ac|hs|ac-bs|ac-ks>
9.3.3. detect.profile: <low|medium|high|custom>
9.3.4. detect.sgh-mpm-context: <auto|single|full>
9.3.5. af-packet
9.3.6. ring-size
9.3.7. stream.bypass
9.4. Hyperscan
9.4.1. Introduction
9.4.2. Compilation
9.4.3. Using Hyperscan
9.4.4. Ubuntu Hyperscan Installation
9.4.4.1. libboost headers
9.4.4.2. Trusty
9.4.4.3. Hyperscan
9.5. High Performance Configuration
9.5.1. NIC
9.5.2. CPU affinity and NUMA
9.5.2.1. Intel based systems
9.5.2.2. AMD based systems
9.5.2.3. Other considerations
9.6. Statistics
9.6.1. stats.log file
9.6.1.1. Detecting packet loss
9.6.2. Kernel drops
9.6.3. Tools to plot graphs
9.7. Ignoring Traffic
9.7.1. capture filters (BPF)
9.7.1.1. BPF and IPS
9.7.2. pass rules
9.7.3. suppress
9.7.4. encrypted traffic
9.7.5. bypassing traffic
9.8. Packet Profiling
9.9. Rule Profiling
9.10. Tcmalloc
9.10.1. Installation
9.10.2. Usage
9.11. Performance Analysis
9.11.1. System Load
9.11.2. Logfiles
9.11.3. Suricata Load
9.11.4. Traffic
9.11.4.1. Basics
9.11.4.2. Advanced
9.11.4.3. Elephant Flows
9.11.5. Rules