Throughput drop on Netgate 8200 MAX LAN/VLAN (ix1) with Suricata inline mode

Good day!

Device: Netgate 8200 MAX
Interface: LAN/VLAN (ix1)

With Suricata in inline mode, throughput falls from ~1 Gbps to ~300 Mbps.

With Suricata in legacy mode, throughput remains ~1 Gbps.

What might be causing this?

iperf results;

Perhaps Suricata-specific stats would have a hint if it’s Suricata’s doing.

Hi @sbhardwaj

Thank you for the reply.

Can you please guide me on how/where to check Suricata-specific stats?

Thank you!

Suricata statistics are normally available in two places:

  • EVE output – look for event_type of stats
  • stats.log – this will be in the logging output directory (same location as eve.json)
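
An added example, not from the thread or from the Suricata or pfSense projects, of reading the EVE `stats` events mentioned above: it turns the cumulative counters into per-interval throughput and capture-drop figures, which is what separates "Suricata is dropping packets" from "traffic is slow for another reason". It assumes the stock counter names `uptime`, `capture.kernel_packets`, `capture.kernel_drops` and `decoder.bytes`, which the customized pfSense build may not emit; the sample records are constructed.

```python
import json

# Constructed sample: three "stats" events, one alert, and a truncated last line.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00+0000","event_type":"stats","stats":{"uptime":60,"capture":{"kernel_packets":1000000,"kernel_drops":0},"decoder":{"bytes":1200000000}}}
{"timestamp":"2024-01-01T10:00:03+0000","event_type":"alert","alert":{"signature":"constructed"}}
{"timestamp":"2024-01-01T10:00:08+0000","event_type":"stats","stats":{"uptime":68,"capture":{"kernel_packets":1500000,"kernel_drops":50000},"decoder":{"bytes":1500000000}}}
{"timestamp":"2024-01-01T10:00:16+0000","event_type":"stats","stats":{"uptime":76,"capture":{"kernel_packets":2000000,"kernel_drops":150000},"decoder":{"bytes":1800000000}}}
{"timestamp":"2024-01-01T10:00:24+0000","event_ty"""

def stats_records(lines):
    """Yield the 'stats' object of each EVE record whose event_type is 'stats'."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank line, or the last line is still being written
        if rec.get("event_type") == "stats" and "stats" in rec:
            yield rec["stats"]

def _delta(cur, prev, group, key):
    """Difference of one cumulative counter; absent counters count as 0."""
    return cur.get(group, {}).get(key, 0) - prev.get(group, {}).get(key, 0)

def interval_report(lines):
    """Per-interval Mbit/s seen by the decoder and drops as % of kernel_packets."""
    rows, prev = [], None
    for cur in stats_records(lines):
        # Counters are cumulative since start; skip pairs that span a restart.
        if prev is not None and cur.get("uptime", 0) > prev.get("uptime", 0):
            secs = cur["uptime"] - prev["uptime"]
            pkts = _delta(cur, prev, "capture", "kernel_packets")
            drops = _delta(cur, prev, "capture", "kernel_drops")
            nbytes = _delta(cur, prev, "decoder", "bytes")
            rows.append({
                "seconds": secs,
                "mbps": round(nbytes * 8 / secs / 1e6, 1),
                "drop_pct": round(100.0 * drops / pkts, 2) if pkts else 0.0,
            })
        prev = cur
    return rows

if __name__ == "__main__":
    # Replace SAMPLE_EVE.splitlines() with open("<path to eve.json>") on a real box.
    for row in interval_report(SAMPLE_EVE.splitlines()):
        print(row)
```

A rising `drop_pct` while `mbps` stays flat during an iperf run points at Suricata not keeping up with capture; zero drops with low `mbps` points elsewhere.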

The Suricata binary used in the pfSense package is customized. You should ask questions about Suricata on pfSense in the Netgate forum here: IDS/IPS | Netgate Forum.

Additionally, Suricata on pfSense has a GUI wrapper that controls how the underlying binary is configured. That means requests for certain types of logs or other information as part of troubleshooting will be either difficult, or in some cases impossible, to satisfy due to the underlying default settings in the suricata.yaml file that are maintained by the GUI’s PHP code.


@bmeeks @sbhardwaj

Thank you!