Hey guys…
I am relatively new to Suricata and have been finding its capabilities for network intrusion detection and prevention. I am setting it up in an environment with a high traffic volume (~10 Gbps) and was wondering if anyone could share tips or best practices for optimizing Suricata’s performance in such scenarios.
Specifically, I am looking for guidance on:
- Configuring multi-threading effectively.
- Tuning memory and buffer settings for better throughput.
- Best hardware setups for maximizing performance (e.g., NIC recommendations).
- Avoiding common pitfalls in high-performance deployments.
I checked this: https://forum.suricata.io/t/can-suricata-read-traffic-from-a-log-server-perform-analysis-without-an-network-interface-to-monitjiracertification but I have not found any solution. Could anyone guide me about this? I am currently using Suricata 7.0 on a Linux server with dual Xeon processors and 64GB of RAM. Any advice, resources, or real-world experiences would be greatly appreciated!
Thanks in advance!
Respected community member!