<div>Thanks, I'll check them out.</div><div><br><div class="gmail_quote"><div>On Thu, May 3, 2018 at 11:47 AM Cooper F. Nelson <<a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  <div text="#000000" bgcolor="#FFFFFF">

    <div class="m_4926726962534851933moz-cite-prefix">1.  Check out SEPTUN 1 & 2.<br>

      <br>

      <blockquote type="cite"><a class="m_4926726962534851933moz-txt-link-freetext" href="https://github.com/pevma/SEPTun" target="_blank">https://github.com/pevma/SEPTun</a></blockquote>

      <br>

      2.  Overbuild your sensor, you need a large http/stream depth to

      properly track files.  I would suggest 4 gigs per core if you want

      to extract and hash all http files.  <br>

      <br>

      3.  Setup a BTRFS dedicated RAID 10 container with LZOP

      compression to store/archive them.  <br>

      <br>

      -Coop</div></div><div text="#000000" bgcolor="#FFFFFF"><div class="m_4926726962534851933moz-cite-prefix"><br>

      <br>

      On 5/3/2018 8:38 AM, Carl Rotenan wrote:<br>

    </div></div><div text="#000000" bgcolor="#FFFFFF"><blockquote type="cite">

      <pre>Hello,

What would be required to get Suricata to support 10G of traffic in IDS

mode, and extracting and hashing files on that traffic?

Thanks,

Carl

</pre>

      <br>

      <fieldset class="m_4926726962534851933mimeAttachmentHeader"></fieldset>

      <br>

      </blockquote></div><div text="#000000" bgcolor="#FFFFFF"><blockquote type="cite"><pre>_______________________________________________

Suricata IDS Users mailing list: <a class="m_4926726962534851933moz-txt-link-abbreviated" href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a>

Site: <a class="m_4926726962534851933moz-txt-link-freetext" href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a class="m_4926726962534851933moz-txt-link-freetext" href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a>

List: <a class="m_4926726962534851933moz-txt-link-freetext" href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a>

Conference: <a class="m_4926726962534851933moz-txt-link-freetext" href="https://suricon.net" target="_blank">https://suricon.net</a>

Trainings: <a class="m_4926726962534851933moz-txt-link-freetext" href="https://suricata-ids.org/training/" target="_blank">https://suricata-ids.org/training/</a></pre>

    </blockquote></div><div text="#000000" bgcolor="#FFFFFF">

    <p><br>

    </p>

    <pre class="m_4926726962534851933moz-signature" cols="72">-- 

Cooper Nelson

Network Security Analyst

UCSD ITS Security Team

<a class="m_4926726962534851933moz-txt-link-abbreviated" href="mailto:cnelson@ucsd.edu" target="_blank">cnelson@ucsd.edu</a> x41042</pre>

  </div></blockquote></div></div>