[Bro] CPU usage with no traffic on Bro 2.5 with AF_PACKET

Zeolla@GMail.com zeolla at gmail.com
Sat Dec 17 09:16:22 PST 2016


I have a fork of 2.5 that may help.  It's intended to minimize CPU load on
sensors that see low volume/sensor-local traffic.  Check out the most
recent commits, shout out to Justin for the basis of the tweaks.
https://github.com/JonZeolla/bro/tree/topic/jonzeolla/low-volume

Jon

On Sat, Dec 17, 2016, 12:05 Ed Sealing <ed.sealing at sealingtech.org> wrote:

> I'm seeing ~6% CPU utilization on workers, with no traffic. Is that
> expected? Is there any way to minimize the CPU load?
>
> Using AF_PACKET plugin. The cores are isolated using "isolcpus", so
> nothing else should be running on them. Workers are pinned to the CPUs in the
>
> [worker-1]
> type=worker
> host=localhost
> interface=af_packet::eth1
> lb_method=custom
> lb_procs=14
> pin_cpus=1,2,3,4,5,6,7,9,10,11,12,13,14,15
>
>
> ~Ed
