Closed dougburks closed 1 year ago
Suricata config items are complete. Just need grafana
Looks like `tpacket-v3` is still commented out:

Is that intentional?
UPDATE: Mike pointed out that `tpacket-v3` is enabled here:
https://github.com/Security-Onion-Solutions/securityonion-saltstack/blob/feature/suripillar/salt/suricata/files/defaults.yaml#L767
We need to pull the metrics out and send them to telegraf and create additional graphs. Graph memuse. Max the graph at the current memcap.
Per https://suricata.readthedocs.io/en/latest/performance/tuning-considerations.html, we should set defaults and allow tuning for high performance.
In `suricata.yaml`, we should increase the default `max-pending-packets` value to at least what we set in the current platform, which is `5000`, and allow it to be tuned.

We should probably enable the following under `af-packet`:

We should expose the following so the user can increase when necessary:
Grafana should display additional stats from Suricata's `stats.log` so that we can tell if any memcap limitations are being reached and need to be tuned. It would be nice if Grafana could show the value from `suricata.yaml` and compare that to the actual usage in `stats.log`.
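One way to do the memcap-versus-memuse comparison described in the last comment, as an added example that is not Security Onion's or Suricata's own code: parse the memuse counters out of `stats.log`, pair each with the memcap configured in `suricata.yaml`, and flag counters approaching their cap. The `counter | TM Name | value` column layout, the counter-to-memcap mapping and all sample values are assumptions constructed for the example.

```python
import re

# Constructed sample in stats.log's "counter | TM Name | value" layout (layout assumed)
STATS_LOG = """\
Counter                      | TM Name | Value
------------------------------------------------
capture.kernel_drops         | Total   | 12
flow.memuse                  | Total   | 120586240
tcp.memuse                   | Total   | 9437184
tcp.reassembly_memuse        | Total   | 201326592
"""

# Constructed memcaps in suricata.yaml size syntax, keyed by the counter they bound (mapping assumed)
MEMCAPS = {
    "flow.memuse": "128mb",
    "tcp.memuse": "64mb",
    "tcp.reassembly_memuse": "256mb",
}

_UNITS = {"b": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}

def parse_size(text):
    """Convert a suricata.yaml size string such as '128mb' to bytes."""
    m = re.fullmatch(r"\s*(\d+)\s*([kmg]?b)?\s*", text.lower())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2) or "b"]

def parse_stats_log(text):
    """Return {counter: value} from one stats.log dump, skipping header and rule lines."""
    counters = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) == 3 and parts[2].isdigit():
            counters[parts[0]] = int(parts[2])
    return counters

def memcap_utilization(stats_text, memcaps, warn_at=0.8):
    """Pair each memuse counter with its memcap; warn when usage ratio >= warn_at."""
    counters = parse_stats_log(stats_text)
    report = {}
    for counter, cap in memcaps.items():
        if counter in counters:
            cap_bytes = parse_size(cap)
            ratio = counters[counter] / cap_bytes
            report[counter] = {"memuse": counters[counter], "memcap": cap_bytes,
                               "ratio": round(ratio, 3), "warn": ratio >= warn_at}
    return report
```

Fed with a real dump, the `ratio` column is what a Grafana panel capped at the memcap would chart, and `warn` is the alert condition.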