[Oisf-users] libhtp defaults in suricata.yaml

Victor Julien victor at inliniac.net
Tue Aug 14 07:05:32 UTC 2012


On 08/10/2012 07:22 PM, Will Metcalf wrote:
>> ET distributes the default settings in its yaml. What sigs need
>> more?
> 
> Good point :).. We will.

Do you have any data on what limits you need? I assume the rules are
written with certain limits in mind.

> On Fri, Aug 10, 2012 at 8:54 AM, Victor Julien
> <victor at inliniac.net> wrote:
>> On 08/08/2012 06:40 PM, Will Metcalf wrote:
>>> +1 :)
>> 
>> ET distributes the default settings in its yaml. What sigs need
>> more?
>> 
>>> Regards,
>>> 
>>> Will
>>> 
>>> On Wed, Aug 8, 2012 at 11:35 AM, Eoin Miller 
>>> <eoin.miller at trojanedbinaries.com> wrote:
>>>> Wondering if we could increase the values slightly from 3072?
>>>> Missing a good deal of alerting because of these default
>>>> values. Below is default from suricata.yaml:
>>>> 
>>>> ---SNIP---
>>>> libhtp:
>>>>
>>>>    default-config:
>>>>      personality: IDS
>>>>      # Can be specified in kb, mb, gb.  Just a number indicates
>>>>      # it's in bytes.
>>>>      request-body-limit: 3072
>>>>      response-body-limit: 3072
>>>> ---SNIP---
>>>> 
>>>> 
>>>> Maybe something more like:
>>>> 
>>>> ---SNIP---
>>>> libhtp:
>>>>
>>>>    default-config:
>>>>      personality: IDS
>>>>      # Can be specified in kb, mb, gb.  Just a number indicates
>>>>      # it's in bytes.
>>>>      request-body-limit: 128kb
>>>>      response-body-limit: 512kb
>>>> ---SNIP---
>>>> 
>>>> 
>>>> -- Eoin
>>>> _______________________________________________
>>>> Oisf-users mailing list
>>>> Oisf-users at openinfosecfoundation.org
>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
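
Added example (not part of the thread, and not Suricata or libhtp code): a simplified model of why a body limit hides content from inspection, comparing the 3072-byte default with the 128kb and 512kb values proposed in the quoted message. It assumes the kb/mb/gb suffixes are multiples of 1024 and that nothing past the limit is inspected; the marker and the sample bodies are constructed.

```python
import re

# Assumption: size suffixes are 1024-based; a bare number is bytes.
UNITS = {"": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}

def parse_size(value):
    """Convert a size written as in suricata.yaml ('3072', '128kb') to bytes."""
    m = re.fullmatch(r"\s*(\d+)\s*(kb|mb|gb)?\s*", str(value), re.IGNORECASE)
    if m is None:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * UNITS[(m.group(2) or "").lower()]

def visible(body, pattern, limit):
    """Simplified model: only the first `limit` bytes of a body are inspected."""
    return pattern in body[:limit]

def missed(samples, pattern, setting):
    """Names of sample bodies that contain `pattern` but hide it past the limit."""
    limit = parse_size(setting)
    return [name for name, body in samples.items()
            if pattern in body and not visible(body, pattern, limit)]

# Constructed data: a marker placed at chosen offsets inside padding bytes.
PATTERN = b"EXAMPLE-MARKER"

def make_body(offset, total):
    return b"A" * offset + PATTERN + b"B" * (total - offset - len(PATTERN))

SAMPLES = {
    "marker at 1000": make_body(1000, 4000),
    "marker straddles 3072": make_body(3065, 8000),  # cut in half by the default
    "marker at 100000": make_body(100_000, 200_000),
    "marker at 400000": make_body(400_000, 600_000),
}

if __name__ == "__main__":
    for setting in ("3072", "128kb", "512kb"):
        gone = missed(SAMPLES, PATTERN, setting)
        print(f"{setting:>6} = {parse_size(setting):>7} bytes, missed: {gone}")
```
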
