xiangwang1
commented
5 years ago What kind of rules and traffic are you using? Do you use Suricata's default large rule-set for testing?
Open Shelton-Yang opened 5 years ago
xiangwang1
commented
5 years ago What kind of rules and traffic are you using? Do you use Suricata's default large rule-set for testing?
Shelton-Yang
commented
5 years ago 对,我把suricata-update能提供的免费的规则库都开启了,把报错的规则disable掉之后,大概有3000+条规则。至于流量,是我在公司网络出口抓取的镜像流量包,并将其用tcpreplay回放出来的流量。 Yes, I've opened the free rule base that suricata-update can provide. After I disabled the error-reporting rules, there are about 3000 + rules. As for traffic, I grabbed the mirror traffic packet at the company network outlet and replayed it with tcpreplay.
Shelton-Yang
commented
5 years ago 你好,请问有空能解答一下吗?谢谢!
在E5-2620处理器的服务器上进行测试,无论是相同流量下处理器的占用率,还是对指定PCAP文件的扫描时间,开启hyperscan前后都没有变化。 是我的测试方法有问题吗?到底如何测试hyperscan的效果? Tests on servers armed with processor E5-2620 showed that both the processor occupancy rate under the same traffic and the scan time of same PCAP files was not changed before and after opening hyperscan.Is there something wrong with my test method? How to test the effect of hyperscan?