[Oisf-users] getting started with suri -- tuning

Cooper F. Nelson cnelson at ucsd.edu
Sat Jul 27 23:59:19 UTC 2013


Lowering the TCP timeout will also help with this.

On 7/27/2013 4:55 PM, Russell Fulton wrote:
> Making progress :)
> 
> The main issue seems to have been that I was using pcap. Things behave sensibly when I use either af_packet or pfring.
> 
> I had to raise the flow.memcap to avoid the "Flow emergency mode over, back to normal… " messages.
> 
> I am sure that I will need to do more tuning before this goes into production but it will do for the moment.
> 
> Thanks for the pointers.
> 
> Russell


-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
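An added example, not part of either poster's message and not the Suricata project's shipped configuration: where the two settings discussed in this thread (flow.memcap and the TCP flow timeouts) live in suricata.yaml. All values are constructed for illustration and need sizing against the sensor's own traffic and RAM.

```yaml
# suricata.yaml fragment (constructed values, not taken from the thread)

flow:
  # Memory budget for the flow table. When it is exhausted the engine
  # enters "flow emergency mode" and prunes flows aggressively, which is
  # what produces the "Flow emergency mode over, back to normal" message
  # once it recovers. Raising it is the change Russell describes.
  memcap: 512mb
  hash-size: 65536
  prealloc: 10000
  # Percentage of flows that must be pruned before emergency mode ends.
  emergency-recovery: 30

flow-timeouts:
  tcp:
    # Seconds of inactivity before a flow in each state is freed.
    # Lowering these (Cooper's suggestion) releases idle flows sooner,
    # so the table needs less memory for the same traffic.
    new: 30
    established: 300
    closed: 10
    # Timeouts applied only while the engine is in emergency mode.
    emergency-new: 10
    emergency-established: 100
    emergency-closed: 5
```

Shorter timeouts trade memory for visibility: a long-idle TCP session that resumes after its flow has been freed is tracked as a new flow without its earlier stream state, so lower `established` gradually while watching the flow memory counters in stats.log.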


