[Zeek] Bro 2.6.1 packet loss

Edgmand, Craig craig.edgmand at okstate.edu
Wed Jan 23 10:16:25 PST 2019


You have to use bro-pkg manager to get the pf_ring plugin now.


From: zeek-bounces at zeek.org <zeek-bounces at zeek.org> On Behalf Of COLIN BLAIR
Sent: Wednesday, January 23, 2019 12:04 PM
To: zeek at zeek.org
Subject: [Zeek] Bro 2.6.1 packet loss

**External Email - Please verify sender email address before responding.**
We are testing the latest release on our sensors and are seeing larger packet drops than the previous 2.5.5.

We are running a local cluster with the following

node.cfg:
[manager]
localhost

[logger]
localhost

[proxy-1]
localhost

[worker-1]
localhost
lb_method = pf_ring
lb_procs = 20
pin_cpus = 0-19

System:
Xeon D-1587 16 cores, 32 logical, 1.7 Ghz
128GB DDR4 2133Mhz
8TB SSD
Intel 10GBase-T X557

We are dropping traffic @ 250 Mb/s with this config. We have already tuned the BIOS, NIC and sysctl.d. Did the netstats command get updated in the latest release? We did not see this poor performance with bro 2.5.5. Can you provide any other suggestions?

Also, did the pf_ring plugin get removed?

R,
CB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190123/1f6ef202/attachment.html 


More information about the Zeek mailing list