[Oisf-users] libhtp defaults in suricata.yaml

Will Metcalf william.metcalf at gmail.com
Fri Aug 10 17:22:54 UTC 2012


>ET distributes the default settings in it's yaml. What sigs need more?

Good point :).. We will.

On Fri, Aug 10, 2012 at 8:54 AM, Victor Julien <victor at inliniac.net> wrote:
> On 08/08/2012 06:40 PM, Will Metcalf wrote:
>> +1 :)
>
> ET distributes the default settings in it's yaml. What sigs need more?
>
>> Regards,
>>
>> Will
>>
>> On Wed, Aug 8, 2012 at 11:35 AM, Eoin Miller
>> <eoin.miller at trojanedbinaries.com> wrote:
>>> Wondering if we could increase the values slightly from 3072? Missing a
>>> good deal of alerting because of these default values. Below is default
>>> from suricata.yaml:
>>>
>>> ---SNIP---
>>> libhtp:
>>>
>>>    default-config:
>>>      personality: IDS
>>>      # Can be specified in kb, mb, gb.  Just a number indicates
>>>      # it's in bytes.
>>>      request-body-limit: 3072
>>>      response-body-limit: 3072
>>> ---SNIP---
>>>
>>>
>>> Maybe something more like:
>>>
>>> ---SNIP---
>>> libhtp:
>>>
>>>    default-config:
>>>      personality: IDS
>>>      # Can be specified in kb, mb, gb.  Just a number indicates
>>>      # it's in bytes.
>>>      request-body-limit: 128kb
>>>      response-body-limit: 512kb
>>> ---SNIP---
>>>
>>>
>>> -- Eoin
>>> _______________________________________________
>>> Oisf-users mailing list
>>> Oisf-users at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users



More information about the Oisf-users mailing list