doc: add rule profiling information

diff --git a/doc/userguide/rule-management/index.rst b/doc/userguide/rule-management/index.rst
index b38ee566a50a09c006f75bb7384355c5b7edd5d1..633824f54a0d8080033e8168f3422f8d1df39566 100644 (file)
--- a/doc/userguide/rule-management/index.rst
+++ b/doc/userguide/rule-management/index.rst
@@ -6,3 +6,4 @@ Rule Management
   suricata-update
   adding-your-own-rules
   rule-reload
+  rule-profiling

diff --git a/doc/userguide/rule-management/rule-profiling.rst b/doc/userguide/rule-management/rule-profiling.rst
new file mode 100644 (file)
index 0000000..fa94df3
--- /dev/null
+++ b/doc/userguide/rule-management/rule-profiling.rst
@@ -0,0 +1,28 @@
+Rules Profiling
+===============
+
+If Suricata is built with the --enable-profiling-rules then the ruleset profiling
+can be activated on demand from the unix socket and dumped from it.
+
+To start profiling ::
+
+ surictasc -c ruleset-profile-start
+
+To stop profiling ::
+
+ surictasc -c ruleset-profile-stop
+
+To dump profiling ::
+
+ suricatasc -c ruleset-profile
+
+A typical scenario to get rules performance would be ::
+
+ surictasc -c ruleset-profile-start
+ sleep 30
+ surictasc -c ruleset-profile-stop
+ suricatasc -c ruleset-profile
+
+On busy systems, using the sampling capability to capture performance
+on a subset of packets can be obtained via the `sample-rate` variable
+in the `profiling` section.