-
Notifications
You must be signed in to change notification settings - Fork 518
sosetup: Production Mode should automatically configure PF_RING instances based on number of CPU cores #735
Comments
Should this be done for Best Practices? Also, for Advanced Setup (Custom), should this be an option (whether or not to configure based on the number of cores)? I would think that the Custom mode/option should allow for more configuration options rather than automatically configuring the number of PR_RING instances--I would think this would be reserved for cases where individuals being introduced to Security Onion may not necessarily be privy to why they would need to configure a greater number of PR_RING instances, but would benefit from the automatic optimization. Thanks, |
Yes: Choosing "Production Mode" and then "Best Practices" should result in automatically configuring PF_RING instances based on number of CPU cores. Choosing "Production Mode" and then "Custom" should allow the user to set their own number of PF_RING instances. Although it might be nice to suggest a number to the user. |
Submitted for testing: |
Hi Guys |
If you choose "Best Practices", then Security Onion will configure this Thanks,
|
Yep, I know this. |
If you are sure you experienced this, could you please post the exact Thanks,
|
Yes I am sure of this. I have just gone through it again. I simply went through the setup and enabled IDS and Bro and had nothing about how many cores I want to use. |
Did setup successfully complete? Were you installing a sensor or a standalone? Did you install using the ISO or the PPA? Also, please continue this discussion by posting your question here: Thanks, |
I forgot, if you have 4 cores or fewer, configuration will happen like this (to avoid overworking the box): -1 core reserved for netsniff-ng for each configured sniffing interface Remaining cores will be split up for IDS/Bro: For a machine with 8 cores, Custom configuration should configure the machine as follows: Remaining number of cores available for use with IDS/BRO: If you have 2 sniffing interfaces, for an 8 core box you would get the following: -1 core reserved for netsniff-ng for each configured sniffing interface (2) Remaining number of cores split for use between IDS/BRO: -2 cores available for IDS - Will provide recommendation, and allow you to choose # of cores (up to 2). I hope this sheds some light on why the setup acts the way it does. I'm assuming you're experiencing this behavior because your machine is using 4 or fewer CPU cores. Thanks, |
Hi Wes |
You can always modify this after Setup: If you have further questions or problems, please use our mailing list: Thanks! |
No description provided.
The text was updated successfully, but these errors were encountered: