[Oisf-users] Consequences of PF_RING enable_tx_capture=0?
Victor Julien
victor at inliniac.net
Tue Jun 14 06:55:19 UTC 2011
On 06/14/2011 12:18 AM, David Kay wrote:
> Hello all,
>
> Will there be any problems or performance implications when Suricata
> encounters a $HOME_NET->$EXTERNAL_NET tx rule? Should I parse my rules
> to remove them all, or will it not make much of a difference? (Only a
> small percentage of my rules currently are of this type.)
>
I think the only thing this does is capture traffic the IDS host itself
sends. For the rest of the network traffic you monitor it should not
make a difference.

Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------