
+2 <br><br><br><div class="gmail_quote">On Wed, Aug 8, 2012 at 6:40 PM, Will Metcalf <span dir="ltr"><<a href="mailto:william.metcalf@gmail.com" target="_blank">william.metcalf@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

+1 :)<br>

<br>

Regards,<br>

<br>

Will<br>

<div class="HOEnZb"><div class="h5"><br>

On Wed, Aug 8, 2012 at 11:35 AM, Eoin Miller<br>

<<a href="mailto:eoin.miller@trojanedbinaries.com">eoin.miller@trojanedbinaries.com</a>> wrote:<br>

> Wondering if we could increase the values slightly from 3072? Missing a<br>

> good deal of alerting because of these default values. Below is default<br>

> from suricata.yaml:<br>

><br>

> ---SNIP---<br>

> libhtp:<br>

><br>

>    default-config:<br>

>      personality: IDS<br>

>      # Can be specified in kb, mb, gb.  Just a number indicates<br>

>      # it's in bytes.<br>

>      request-body-limit: 3072<br>

>      response-body-limit: 3072<br>

> ---SNIP---<br>

><br>

><br>

> Maybe something more like:<br>

><br>

> ---SNIP---<br>

> libhtp:<br>

><br>

>    default-config:<br>

>      personality: IDS<br>

>      # Can be specified in kb, mb, gb.  Just a number indicates<br>

>      # it's in bytes.<br>

>      request-body-limit: 128kb<br>

>      response-body-limit: 512kb<br>

> ---SNIP---<br>

><br>

><br>

> -- Eoin<br>

> _______________________________________________<br>

> Oisf-users mailing list<br>

> <a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>

> <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>

_______________________________________________<br>

Oisf-users mailing list<br>

<a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>

<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>

</div></div></blockquote></div><br><br clear="all"><br>-- <br><div>Regards,</div>

<div>Peter Manev</div><br>