[Oisf-users] Kernel packets drops in AFpacket AUTO mode

Victor Julien lists at inliniac.net
Thu Jun 13 09:45:24 UTC 2013


On 06/12/2013 08:28 PM, Fernando Sclavo wrote:
>  - decoder-events.rules # available in suricata sources under rules dir
>  - http-events.rules    # available in suricata sources under rules dir
>  - smtp-events.rules    # available in suricata sources under rules dir

Are you getting a lot of hits on these? They are quite efficient if the
traffic is okay, but if there are a lot of protocol warnings/errors they
can be quite inefficient. Maybe it's worth a shot to disable them for a
few days.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
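
One way to answer the question above from Suricata's fast.log, as an added example that is not part of the original message: it tallies alerts per event rule file and per signature. Mapping alerts to rule files by their `SURICATA HTTP` / `SURICATA SMTP` msg prefix is an assumption, and the sample log lines, addresses and SIDs are constructed.

```python
import re
from collections import Counter

# fast.log alert line: "<timestamp>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] ..."
ALERT_RE = re.compile(r"^\S+\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]")

# Assumption: event rules are recognised by msg prefix. First match wins, so the
# generic "SURICATA " entry (treated here as decoder events) must stay last.
PREFIX_TO_FILE = [
    ("SURICATA HTTP ", "http-events.rules"),
    ("SURICATA SMTP ", "smtp-events.rules"),
    ("SURICATA STREAM ", "stream-events.rules"),
    ("SURICATA ", "decoder-events.rules"),
]

def rule_file(msg):
    """Map an alert msg to the event rule file it most likely came from."""
    for prefix, name in PREFIX_TO_FILE:
        if msg.startswith(prefix):
            return name
    return "other"

def tally(lines):
    """Return (alerts per rule file, alerts per event signature)."""
    per_file, per_sig = Counter(), Counter()
    for line in lines:
        m = ALERT_RE.match(line)
        if m is None:  # skip truncated or non-alert lines
            continue
        name = rule_file(m["msg"])
        per_file[name] += 1
        if name != "other":
            per_sig[(m["sid"], m["msg"])] += 1
    return per_file, per_sig

# Constructed sample input: addresses, SIDs and the non-event rule are made up.
TAIL = (" [**] [Classification: Generic Protocol Command Decode] [Priority: 3] "
        "{TCP} 192.0.2.10:40112 -> 198.51.100.5:80")
EVENTS = [("9000001", "SURICATA HTTP unknown error"),
          ("9000001", "SURICATA HTTP unknown error"),
          ("9000002", "SURICATA HTTP request field too long"),
          ("9000003", "SURICATA SMTP invalid reply"),
          ("9000004", "SURICATA IPv4 packet too small"),
          ("1000001", "EXAMPLE local rule")]
SAMPLE = [f"06/13/2013-09:40:0{i}.000001  [**] [1:{sid}:1] {msg}{TAIL}"
          for i, (sid, msg) in enumerate(EVENTS)] + ["truncated line, no alert marker"]

if __name__ == "__main__":
    per_file, per_sig = tally(SAMPLE)
    total = sum(per_file.values())
    for name, n in per_file.most_common():
        print(f"{name:22} {n:4}  {100 * n / total:5.1f}%")
    for (sid, msg), n in per_sig.most_common(3):
        print(f"  sid {sid}: {n} x {msg}")
```

To run it on a sensor, pass the open fast.log file object to `tally()` in place of `SAMPLE`.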