[Oisf-users] [OT: Pedantic] file truncated

[Cooper F. Nelson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Suricata doesn't use decimal metric prefixes, it uses binary prefixes:

> http://en.wikipedia.org/wiki/Binary_prefix

It's also made clear in the yaml documentation that you can give it an
integer in bytes.  The kb,mb,gb tag is defined within the scope of the
suricata engine, which is fine.

If you want to be pedantic, the correct IEC prefix would kibi, mebi or
gibi and specified as KiB, MiB, or GiB respectively:

> http://en.wikipedia.org/wiki/Binary_prefix#Adoption_by_IEC.2C_NIST_and_ISQ

- -Coop

On 4/22/2015 10:54 AM, James Moe wrote:
> On 04/22/2015 12:18 AM, Peter Manev wrote:
>>>> i increased the stream memcap from default 32mb to 128mb;
>> I think you can try setting this to 512mb
>>>> i decreased the reassembly memcap from default 128mb to 64mb.
>> and this to 1024mb
> 
>   mb = milli-bit, or milli-bar
>   Mb = mega-bit
>   MB = mega-byte
> 
>   See <http://en.wikipedia.org/wiki/Metric_prefix>.
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
> 

- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJVOTwDAAoJEKIFRYQsa8FWrxAH/1ADAcxc6EvCeH5USRrSV4GT
+ruaRMCNKmcuwaTEqY6gVv8LK7jBBWBCJsXjFDUUESxsmsg9fZMFj7vR96uUVTg5
jEhmhOjLz6H5qqSbsG0qFGYFk2ogkUtCqkmQsZs0EU8oGgq1AlTC1aNIAn7FJIzZ
ohkhEIAUEeiVwNOLvwXNwvIhu2G1+rCokN6PQTGH955HiQVchh8xFIGEswrPR3bo
VQl20qU8wAtd4whMgWyC+urM4WF9wmrzyfl4CK4WOSQtpbC03vOLGkwHLPyEMY5H
iTTcY3Qw35K3J8u4Rg961vLlXeUmsXtxRuHk8SQOTviAtxnzzUnaeGxWD/ab7To=
=NiW3
-----END PGP SIGNATURE-----