[Oisf-users] libhtp defaults in suricata.yaml

Victor Julien victor at inliniac.net
Fri Aug 10 13:54:15 UTC 2012


On 08/08/2012 06:40 PM, Will Metcalf wrote:
> +1 :)

ET distributes the default settings in its yaml. What sigs need more?

> Regards,
> 
> Will
> 
> On Wed, Aug 8, 2012 at 11:35 AM, Eoin Miller
> <eoin.miller at trojanedbinaries.com> wrote:
>> Wondering if we could increase the values slightly from 3072? Missing a
>> good deal of alerting because of these default values. Below is default
>> from suricata.yaml:
>>
>> ---SNIP---
>> libhtp:
>>
>>    default-config:
>>      personality: IDS
>>      # Can be specified in kb, mb, gb.  Just a number indicates
>>      # it's in bytes.
>>      request-body-limit: 3072
>>      response-body-limit: 3072
>> ---SNIP---
>>
>>
>> Maybe something more like:
>>
>> ---SNIP---
>> libhtp:
>>
>>    default-config:
>>      personality: IDS
>>      # Can be specified in kb, mb, gb.  Just a number indicates
>>      # it's in bytes.
>>      request-body-limit: 128kb
>>      response-body-limit: 512kb
>> ---SNIP---
>>
>>
>> -- Eoin
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
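
Added example, not part of the original thread and not Suricata code: a small Python helper that reads the two body limits from a libhtp snippet like the ones quoted above and reports how much of a set of HTTP bodies falls inside each limit. The body sizes are constructed sample data, and treating bytes past the limit as not reaching HTTP body inspection is a simplified model of the setting.

```python
import re

# Suffixes named in the yaml comment; a bare number is bytes (1kb = 1024 bytes).
UNITS = {"": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}

def parse_size(value):
    """Convert a limit such as '3072', '128kb' or '1mb' to bytes."""
    m = re.fullmatch(r"\s*(\d+)\s*(kb|mb|gb)?\s*", str(value).lower())
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or ""]

def read_limits(yaml_text):
    """Pull request/response body limits out of a libhtp default-config snippet."""
    limits = {}
    for line in yaml_text.splitlines():
        line = line.split("#", 1)[0]          # drop yaml comments
        m = re.match(r"\s*(request|response)-body-limit:\s*(\S+)", line)
        if m:
            limits[m.group(1)] = parse_size(m.group(2))
    return limits

def coverage(limit, body_sizes):
    """Return (bodies fully inside limit, bytes inside limit, total bytes)."""
    full = sum(1 for size in body_sizes if size <= limit)
    seen = sum(min(size, limit) for size in body_sizes)
    return full, seen, sum(body_sizes)

# The two settings quoted in the thread.
DEFAULT_YAML = """
libhtp:
   default-config:
     personality: IDS
     request-body-limit: 3072
     response-body-limit: 3072
"""
PROPOSED_YAML = DEFAULT_YAML.replace("limit: 3072", "limit: 128kb", 1) \
                            .replace("limit: 3072", "limit: 512kb", 1)

# Constructed response body sizes in bytes; replace with sizes from your own HTTP logs.
SAMPLE_SIZES = [900, 2500, 3072, 20000, 150000, 600000]

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_YAML), ("proposed", PROPOSED_YAML)):
        limit = read_limits(text)["response"]
        full, seen, total = coverage(limit, SAMPLE_SIZES)
        print(f"{name}: response-body-limit={limit} bytes, "
              f"{full}/{len(SAMPLE_SIZES)} bodies fully covered, "
              f"{seen}/{total} bytes ({100 * seen / total:.1f}%)")
```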



