The problem of data latency when network traffic is particularly high #517
-
|
When the network traffic is particularly high, the Suricata alarm shows a delay of one hour in the dashboard. Is there any good solution to this? |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments
-
|
I don't understand what you're saying: what do you mean the suricata alarm? Just that the data is taking an hour to show up? Or does the data have incorrect time stamps? What are your system specs? Is it with or without a network sensor? Is the other data (zeek?) showing up correctly? I'm going to be on vacation until December 2nd, but I will follow up here when I return. |
Beta Was this translation helpful? Give feedback.
-
malcolm k8s |
Beta Was this translation helpful? Give feedback.
-
|
Converting to a troubleshooting discussion, we can continue the conversation there. |
Beta Was this translation helpful? Give feedback.
-
|
Is Malcolm doing the traffic capture in an all-in-one/standalone mode, or are you using a network sensor running hedgehog linux? What are the resources (CPU and memory, and are the disks HDD or SSD?) for the malcolm server and sensor, if applicable? There are some things you can try to tweak resources for performance:
This is not an issue I've ever seen before. |
Beta Was this translation helpful? Give feedback.
-
|
As I haven't heard from you here in 3 weeks, I'll assume this helped you go in the right direction. Best of luck! |
Beta Was this translation helpful? Give feedback.
Is Malcolm doing the traffic capture in an all-in-one/standalone mode, or are you using a network sensor running hedgehog linux?
What are the resources (CPU and memory, and are the disks HDD or SSD?) for the malcolm server and sensor, if applicable?
There are some things you can try to tweak resources for performance:
pipelinevariables and the memory allowances inLS_JAVA_OPTS.This is not an issue I've ever seen before.