The problem of data latency when network traffic is particularly high #517
Replies: 4 comments
-
I don't understand what you're saying: what do you mean by the Suricata alarm? Just that the data is taking an hour to show up? Or does the data have incorrect timestamps? What are your system specs? Is it with or without a network sensor? Is the other data (Zeek?) showing up correctly? I'm going to be on vacation until December 2nd, but I will follow up here when I return.
-
malcolm k8s
-
Converting to a troubleshooting discussion, we can continue the conversation there.
-
Is Malcolm doing the traffic capture in an all-in-one/standalone mode, or are you using a network sensor running Hedgehog Linux? What are the resources (CPU and memory, and are the disks HDD or SSD?) for the Malcolm server and sensor, if applicable? There are some things you can try to tweak resources for performance:
This is not an issue I've ever seen before.
-
When the network traffic is particularly high, the Suricata alarm shows a delay of one hour in the dashboard. Is there any good solution to this?
I feel like Logstash can't forward it anymore