[Oisf-users] [OT: Pedantic] file truncated
Miso Mijatovic
mmijatovic at sorint.it
Mon Apr 27 16:16:05 UTC 2015
Hi,
I wrote you some updates.
I sent my yaml in private to Peter Manev, who responded to me with a new one; the main changes were:
- enabled max pending packets set to 16384
- on NIC: 4 threads instead of auto, enabled mmap and ring-size
- generally increased memcaps and decreased timeouts.
His config allowed file extraction of files of max 5mb.
I did other tests: I disabled IPv6 on eth1 with ethtool, then I ran 3 scripts I found under /opt/selks/Scripts/Tuning:
disable-interface-offloading_stamus.sh idps-interface-tuneup_stamus kernel-tuneup_stamus.sh
Can someone give me some more details on these scripts?
Now I often see md5 alerts for some files (I tried 40k, 140k, 500k, 1m), not always, let's say 90% of my tests. Never for bigger files.
I still have reassembly gaps but I don't have any invalid checksums now.
I modified the config to allow file extraction for bigger files but without success.
Peter, feel free to correct me if I forgot something.
Miso
----- Original Message -----
From: "James Moe" <jimoe at sohnen-moe.com>
To: oisf-users at lists.openinfosecfoundation.org
Sent: Friday, 24 April 2015 8:09:45
Subject: Re: [Oisf-users] [OT: Pedantic] file truncated
On 04/23/2015 11:37 AM, Cooper F. Nelson wrote:
> Suricata doesn't use decimal metric prefixes, it uses binary
> prefixes:
>
>>> http://en.wikipedia.org/wiki/Binary_prefix
>
Which supports my assertion regarding the case sensitivity of prefixes.
> It's also made clear in the yaml documentation that you can give
> it an integer in bytes. The kb,mb,gb tag is defined within the
> scope of the suricata engine, which is fine.
>
Quite so.
It is semantically dubious in a larger context, but within the
confines of suricata's YAML documentation and usage, it is acceptable.
- --
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net