[Oisf-users] Hello and question about setting up Suricata as a Web Application IDS

Michiel van Es mve at pcintelligence.nl
Thu Mar 24 11:57:53 UTC 2011

 On Thu, 24 Mar 2011 12:31:14 +0100, Victor Julien wrote:
> On 03/24/2011 11:19 AM, Michiel van Es wrote:
>>  My Question:
>>  What is the quickest way to copy my snort config or start with a 
>> new
>>  config that only does web application detection and alerting?
>>  Should I copy/use the /etc/snort/rules/web-*.rules and nothing 
>> else?
>>  Is someone already using this kind of IDS/WA(F) setup to monitor 
>> their
>>  web applications?
>>  Also, I found out that Suricata is using 24% of my total physical
>>  memory (2 GB) when running with the default suricata-debian.yaml 
>> config
>>  , can I reduce that amount of memory usage?
> Most memory is used by the rules, so reduce the ruleset is one 
> strategy.
> More recent code also uses less memory.
> Further memory reduction can be done in suricata.yaml. To see how 
> please
> have a look at the extensive documentation we have in place for it:
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml

 Hi Victor,

 Thanks for the Ubuntu and memory decrease tips!
 I will take a look at those.

> Cheers,
> Victor



More information about the Oisf-users mailing list