[Oisf-users] Hello and question about setting up Suricata as a Web Application IDS
Michiel van Es
mve at pcintelligence.nl
Thu Mar 24 11:57:53 UTC 2011
On Thu, 24 Mar 2011 12:31:14 +0100, Victor Julien wrote:
> On 03/24/2011 11:19 AM, Michiel van Es wrote:
>> My Question:
>>
>> What is the quickest way to copy my snort config or start with a new
>> config that only does web application detection and alerting?
>> Should I copy/use the /etc/snort/rules/web-*.rules and nothing else?
>> Is someone already using this kind of IDS/WA(F) setup to monitor their
>> web applications?
>>
>> Also, I found out that Suricata is using 24% of my total physical
>> memory (2 GB) when running with the default suricata-debian.yaml
>> config, can I reduce that amount of memory usage?
>
> Most memory is used by the rules, so reducing the ruleset is one
> strategy. More recent code also uses less memory.
>
> Further memory reduction can be done in suricata.yaml. To see how,
> please have a look at the extensive documentation we have in place
> for it:
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml
Hi Victor,
Thanks for the Ubuntu and memory decrease tips!
I will take a look at those.
>
> Cheers,
> Victor
Regards,
Michiel
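
A suricata.yaml fragment combining the two approaches from the thread (load only the web-*.rules files, then lower memory-related settings), added here as an example and not taken from either poster's configuration. The rule file names are assumed from a stock Snort ruleset and the memcap values are illustrative; check both against the installed rules directory and the Suricatayaml documentation for the running version.

```yaml
# Added example, not from the original thread.
# Load only web application rules so the detection engine builds
# far fewer signatures, which is where most of the memory goes.
default-rule-path: /etc/snort/rules
rule-files:
  # Assumed names; list whatever `ls /etc/snort/rules/web-*.rules` returns.
  - web-attacks.rules
  - web-cgi.rules
  - web-client.rules
  - web-coldfusion.rules
  - web-frontpage.rules
  - web-iis.rules
  - web-misc.rules
  - web-php.rules

# Trade some matching speed for a smaller detection engine footprint.
detect-engine:
  - profile: low

# Cap flow tracking and TCP stream tracking memory.
# Values are in bytes and are illustrative (16 MiB each); a sensor that
# sees many concurrent connections needs more, or flows will be dropped
# from tracking once the cap is reached.
flow:
  memcap: 16777216
stream:
  memcap: 16777216
```

The web rules reference variables such as $HTTP_SERVERS and $HTTP_PORTS, so the vars section of the existing config must stay in place. Compare resident memory before and after the change to confirm the effect on the sensor.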