Package: suricata
Version: 1:4.0.0-2
Severity: wishlist
Tags: patch
To improve the performance of the Redis output backend, we could enable
libevent async support by default. According to upstream, this has no
negative effect on runtime performance if Redis is not used, but if it
is used it will reduce the amount of blocking writes to Redis. Blocking
socket writes can be a cause for dropped packets or events at runtime if
the consumer can not keep up with Suricata's event output rate.
While this change introduces a new runtime dependency to libevent, this
library is available on all architectures and does not restrict suricata's
availability.
Please also see attached patch.
Cheers
Sascha
diff --git a/debian/control b/debian/control
index 3c12d1b..5543146 100644
--- a/debian/control
+++ b/debian/control
@@ -8,6 +8,7 @@ Build-Depends: autotools-dev,
dh-autoreconf,
dh-systemd,
libcap-ng-dev,
+ libevent-dev,
libgeoip-dev,
libhiredis-dev,
libjansson-dev,
@@ -25,8 +26,8 @@ Build-Depends: autotools-dev,
libyaml-dev,
python,
zlib1g-dev | libz-dev,
- libhtp-dev (>= 1:0.5.25),
- procps
+ libhtp-dev (>= 1:0.5.25),
+ procps
X-Python-Version: >= 2.6
Standards-Version: 4.0.1
Homepage: https://www.suricata-ids.org/
diff --git a/debian/rules b/debian/rules
index f2c9aa1..69e1d41 100755
--- a/debian/rules
+++ b/debian/rules
@@ -29,6 +29,7 @@ CONFIGURE_ARGS = --enable-af-packet --enable-nfqueue
--enable-prelude --enable-n
--enable-gccprotect --disable-gccmarch-native \
--with-libnss-includes=/usr/include/nss
--with-libnss-libraries=/usr/lib/$(DEB_HOST_MULTIARCH) \
--with-libnspr-includes=/usr/include/nspr
--with-libnspr-libraries=/usr/lib/$(DEB_HOST_MULTIARCH) \
+ --with-libevent-includes=/usr/include
--with-libevent-libraries=/usr/lib/$(DEB_HOST_MULTIARCH) \
--disable-coccinelle \
--enable-geoip --enable-hiredis \
--enable-non-bundled-htp \
