[Oisf-users] Hello and question about setting up Suricata as a Web Application IDS

Victor Julien victor at inliniac.net
Thu Mar 24 11:31:14 UTC 2011

On 03/24/2011 11:19 AM, Michiel van Es wrote:
>  My Question:
>  What is the quickest way to copy my snort config or start with a new 
>  config that only does web application detection and alerting?
>  Should I copy/use the /etc/snort/rules/web-*.rules and nothing else?
>  Is someone already using this kind of IDS/WA(F) setup to monitor their 
>  web applications?
>  Also, I found out that Suricata is using 24% of my total physical 
>  memory (2 GB) when running with the default suricata-debian.yaml config 
>  , can I reduce that amount of memory usage?

Most memory is used by the rules, so reduce the ruleset is one strategy.
More recent code also uses less memory.

Further memory reduction can be done in suricata.yaml. To see how please
have a look at the extensive documentation we have in place for it:


Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list