[Oisf-devel] how to tune suricata.yaml if I only record http access log with suricata

Delta Yeh delta.yeh at gmail.com
Thu Sep 15 05:20:36 UTC 2011


Thank you for you info.
What I try to do is to test the memory/cpu resource suricata require
w/o signature.
There is some doc on high performance, but there is no doc with empty signature.

2011/9/15 Martin Holste <mcholste at gmail.com>:
> Suricata is the wrong tool for that job.  Use httpry if you only want to
> record http logs.
>
> On Wednesday, September 14, 2011, Delta Yeh <delta.yeh at gmail.com> wrote:
>> Hi,
>>  If  I use suricata only to record http  access log, that means I
>> don't need any IDS signature,
>> how to tune suricata.yaml to minimize the memory  of suricata and gain
>> highest performance.
>>  For example, how to set detect-engine  and mpm-algo ?
>>
>> BR,
>> DeltaY
>> _______________________________________________
>> Oisf-devel mailing list
>> Oisf-devel at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>>



More information about the Oisf-devel mailing list