[Discussion] Large number of IP's to monitor

• Previous message (by thread): [Discussion] Suricata update
• Next message (by thread): [Discussion] Large number of IP's to monitor
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

We are running Suricata 1.2.1 and want to scan packets for a large set of
IP's. (our .rules file contains almost 100 000 entries, one for each IP)

Creation of the new sid-msg.map works out fine. When restarting suricata it
starts filling up the SWAP after a while and it is automatically killed.

Is there some kind of preprocessor that can be used to filter on IP's?

Thanks for wanting to help us.

Gtz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/discussion/attachments/20120322/05a09649/attachment-0002.html>

• Previous message (by thread): [Discussion] Suricata update
• Next message (by thread): [Discussion] Large number of IP's to monitor
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]