Running suricata in IDS mode on a home router (asus) which has 1GB RAM, all running well so far. Knowing this is not the ideal environment (memory and processor), what are counters to keep track of which would indicate suricata is unable to keep up with the throughput?
So far I, I’m not seeing any kernel_drops and am aware that drops greater than 1% are not good.
What other counters should I keep an eye out for and what tuning settings might I consider ?
Any guidance and references would be greatly appreciated.