Feel free to point me in the right direction and tell me to RTFM, but I figured I might as well post on here before I go off into weeds.
Here is the current state:
Suricata version 8.0.0 running in IDS mode
10 gig Duel NIC for monitoring 2 span ports. Both are flowing roughly 1.2gbs
HTOP:
perf:
screenshot available (new member can only post 1) but it shows nothing over 5%
tshark show two way traffic on both interfaces, screenshot available if needed (once again im a new guy)
I put it in worker mode and still get about a 10% drop rate. I’m sure their is something I am missing, any help would be greatly appreciated.