I installed Suricata on my server and activated about 2000 rules.
When checking htop, CPU and RAM are free, but packet loss is still occurring.
Server Model: PowerEdge R740xd
CPU: Intel(R) Xeon(R) Gold 6238 CPU @ 2.10GHz (44 cores)
RAM: 64 GB
NIC: NetXtreme BCM5720
CPU and RAM are also available. What is the reason for packet loss and where should I fix it?
Moloch is also installed on the server, but packet loss does not occur in Moloch.
See if this discussion can help you:
I updated to Suricata version 6.0.2 and modified the settings by referring to the link.
Packet loss was reduced.
However, tcp.segment_memcap_drop in stats.log continues to occur, and I want to know what tcp.segment_memcap_drop means.
You seem to hit the memcap, which could result in drops. If you have some memory left, you can increase the memcap value in the config and try again.
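
An added example, not part of the thread and not Suricata project code: tcp.segment_memcap_drop counts TCP segments discarded because the stream reassembly memory limit (stream.reassembly.memcap in suricata.yaml) was reached. The script compares the last two stats.log dumps to show whether memcap drops are still growing after a config change; the sample dumps are constructed, the function names are hypothetical, and it assumes the default stats.log layout with "Total" rows.

```python
import re

# Counters that rise when a memcap in suricata.yaml is exhausted, mapped to
# the setting that bounds them.
MEMCAP_COUNTERS = {
    "tcp.segment_memcap_drop": "stream.reassembly.memcap",
    "tcp.ssn_memcap_drop": "stream.memcap",
}
# A counter row looks like: "name | Total | 123". Header and rule lines do not match.
ROW = re.compile(r"^(\S+)\s*\|\s*Total\s*\|\s*(\d+)\s*$")

def parse_dumps(text):
    """Split stats.log text into one {counter: value} dict per 'Date:' block."""
    dumps = []
    for line in text.splitlines():
        if line.startswith("Date:"):
            dumps.append({})
        elif dumps and (m := ROW.match(line)):
            dumps[-1][m.group(1)] = int(m.group(2))
    return dumps

def memcap_report(text):
    """Return [(counter, setting, growth)] for counters that rose in the last interval."""
    dumps = parse_dumps(text)
    if len(dumps) < 2:
        return []  # one dump cannot separate an old total from ongoing drops
    prev, last = dumps[-2], dumps[-1]
    report = []
    for counter, setting in MEMCAP_COUNTERS.items():
        delta = last.get(counter, 0) - prev.get(counter, 0)
        if delta > 0:  # a negative delta means the counters reset (restart)
            report.append((counter, setting, delta))
    return report

# Constructed sample: two consecutive dumps, values invented for illustration.
SAMPLE = """\
Date: 3/30/2021 -- 10:00:08 (uptime: 0d, 00h 01m 00s)
Counter                                       | TM Name                   | Value
capture.kernel_packets                        | Total                     | 1000000
tcp.segment_memcap_drop                       | Total                     | 200
tcp.ssn_memcap_drop                           | Total                     | 5
Date: 3/30/2021 -- 10:01:08 (uptime: 0d, 00h 02m 00s)
Counter                                       | TM Name                   | Value
capture.kernel_packets                        | Total                     | 2100000
tcp.segment_memcap_drop                       | Total                     | 950
tcp.ssn_memcap_drop                           | Total                     | 5
"""

if __name__ == "__main__":
    for counter, setting, delta in memcap_report(SAMPLE):
        print(f"{counter} grew by {delta} in the last interval: raise {setting}")
```

The totals in stats.log are cumulative since start, so only the growth between dumps shows whether a raised memcap has stopped the drops.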