Packet loss more than 60%.

[fatema bannatwala <fatema.bannatwala () gmail com>]

Hi,

We have two snort sensors each with 40 cpu cores and running 19 snort
instances on CentOS 6.8.
I looked at the snort per processes stats on one of the sensors and noticed
a less
than ideal drop rate:

62.2% 0% dropped
29.5% 1-9% dropped
04.7% 10-19% dropped
02.1% 20-29% dropped
00.8% 30-39% dropped
00.4% 40-49% dropped
00.1% 50-59% dropped
00.1% 60-69% dropped

It would make sense that the processes dropping traffic are seeing more
traffic, so the total % of packets dropped is likely higher than what
the above would indicate.

Are there any specific settings that can be tweaked to reduce the capture
loss?
  I think commenting out some rules might be a better approach though.

CPU architecture info:
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
CPU(s): 40
On-line CPU(s) list: 0-39
Thread(s) per core:  2
Model name:   Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz

Any help would be appreciated.

Thanks,
Fatema.

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!