[Oisf-users] where are my missing packets ?

Martin Holste mcholste at gmail.com
Thu Feb 23 16:20:24 UTC 2012


> As you can see in the other message, I "solved" the issues.

I saw that, congratulations!

> I changed
> several components so I'm not sure why it now works, but I'm quite
> sure there were two main problems:
> - hardware, with checksum
> - software, too low STREAM.memcap value

Yep, the memcap is the biggest one by far.

As you get further in your testing, be sure to check out some of the
advanced features Suricata offers like the newly-introduced file
extraction as well as the incredibly valuable HTTP log.  In
production, the HTTP log to pair up with IDS alerts is critical,
though there are other ways of getting that data.


