[Zeek] How can I reduce my packet loss - bro version 2.6.3

Justin Azoff justin at corelight.com
Mon Sep 30 11:32:42 PDT 2019

On Mon, Sep 30, 2019 at 1:45 PM Kayode Enwerem <
Kayode_Enwerem at ao.uscourts.gov> wrote:

> I have 32 CPUs on this server and CPU model name is - AMD Opteron(tm)
> Processor 6386 SE

People have been having issues with older Opterons like that for a long
time.  They have a lot of cores, but the single core performance is about
half that of a more recent CPU.

With 32 real cores (assuming this is a dual socket system) I'd try running
closer to 28 workers which gives you 20% more capacity over 23.

After that, you need to look at the conn.log to determine where your
capture loss is coming from by looking at the missed_bytes column.  You may
have some elephant flows that are accounting for the majority of that loss.
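
The conn.log check suggested above, as an added example that is not part of the original message: it reads a conn.log in Zeek's default TSV format, sums `missed_bytes` per originator/responder/port, and reports what share of all missed bytes each of the worst flows accounts for. The sample log is constructed, and the grouping key and function names are assumptions of this example.

```python
import io
from collections import Counter

# Constructed sample in Zeek TSV format (columns trimmed for brevity; a real
# conn.log has more fields, located the same way through the #fields header).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\torig_bytes\tresp_bytes\tmissed_bytes",
    "1569868362.1\tCaaa1\t10.0.0.5\t51000\t192.0.2.10\t443\ttcp\t1200\t900000000\t750000000",
    "1569868400.7\tCaaa2\t10.0.0.5\t51022\t192.0.2.10\t443\ttcp\t800\t200000000\t150000000",
    "1569868411.3\tCaaa3\t10.0.0.8\t40112\t198.51.100.7\t80\ttcp\t512\t20480\t0",
    "1569868420.9\tCaaa4\t10.0.0.9\t33890\t203.0.113.20\t22\ttcp\t4096\t300000000\t100000000",
    "1569868425.0\tCaaa5\t10.0.0.7\t5353\t198.51.100.9\t53\tudp\t-\t-\t0",
    "#close\t2019-09-30-12-00-00",
]) + "\n"

def read_conn_log(stream):
    """Yield one dict per record, using the #fields header for column names."""
    fields = None
    for line in stream:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def missed_bytes_by_flow(records):
    """Sum missed_bytes per (orig_h, resp_h, resp_p); '-' means unset."""
    totals = Counter()
    for rec in records:
        missed = rec.get("missed_bytes", "-")
        if missed not in ("-", "", "0"):
            key = (rec["id.orig_h"], rec["id.resp_h"], rec["id.resp_p"])
            totals[key] += int(missed)
    return totals

def top_loss_contributors(totals, n=3):
    """Return (flow, missed_bytes, share_of_all_missed) for the n worst flows."""
    grand = sum(totals.values())
    return [(k, v, v / grand) for k, v in totals.most_common(n)] if grand else []

if __name__ == "__main__":
    totals = missed_bytes_by_flow(read_conn_log(io.StringIO(SAMPLE_CONN_LOG)))
    for flow, missed, share in top_loss_contributors(totals):
        print(f"{flow[0]} -> {flow[1]}:{flow[2]}  missed={missed}  share={share:.1%}")
```

To run it against a real log, pass `open("conn.log")` to `read_conn_log` in place of the `io.StringIO` sample.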
