[Oisf-users] Help on suricata config file, http alarm stop firing after some minutes

st3fan0 ste st3fan_01 at hotmail.com
Fri May 1 21:02:45 UTC 2015


Hi all,
I need some help because I am totally stuck. I attach my Suricata config file. My issue is that after some minutes of running Suricata, HTTP inspection seems broken: in particular, I do some manual testing to trigger rules that detect access to the .htaccess file, but Suricata detects only the first 2 or 3 attempts and then nothing else, even if I test from different IPs, and after 10 or 60 minutes the result is the same. I can see other rules firing, like IP-only rules and DNS rules, but no HTTP rules.
I appreciate any kind of help, advice or tuning settings, because I have done so many tests.
Thanks in advance.
Probe HW: 8 CPU, 16 GB RAM, 300 GB SAS HD, 4 gigabit NICs
Total traffic: 50 Mbps, subdivided over 4 NICs
I enabled EVE logging and it shows that after some minutes the detected alerts drop drastically.
In stats.log, tcp.drop shows 0 packets.
Regards
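The check described in the post, counting EVE alerts per minute with the HTTP rules separated from everything else so that the moment HTTP detection goes quiet is visible, as an added example (not code from the original post or from the Suricata project). The eve.json records below are constructed, with made-up timestamps, addresses and signature IDs; the set of SIDs treated as "HTTP rules" is an assumption for illustration and should be replaced with the SIDs of the rules actually being tested:

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample eve.json lines (not from the original post). SID 2000001
# stands in for an HTTP rule (e.g. .htaccess access), 2100001 for an IP-only
# rule and 2200001 for a DNS rule. Timestamps and addresses are made up.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2015-05-01T21:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.80","proto":"TCP","alert":{"signature_id":2000001,"signature":"TEST .htaccess access"}}',
    '{"timestamp":"2015-05-01T21:00:20.000000+0000","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"10.0.0.80","proto":"TCP","alert":{"signature_id":2000001,"signature":"TEST .htaccess access"}}',
    '{"timestamp":"2015-05-01T21:00:41.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.80","proto":"TCP","alert":{"signature_id":2100001,"signature":"TEST ip-only"}}',
    '{"timestamp":"2015-05-01T21:01:02.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP","dns":{"type":"query","rrname":"example.com"}}',
    '{"timestamp":"2015-05-01T21:01:09.000000+0000","event_type":"alert","src_ip":"10.0.0.8","dest_ip":"10.0.0.80","proto":"TCP","alert":{"signature_id":2000001,"signature":"TEST .htaccess access"}}',
    '{"timestamp":"2015-05-01T21:01:30.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP","alert":{"signature_id":2200001,"signature":"TEST dns"}}',
    '{"timestamp":"2015-05-01T21:01:55.000000+0000","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"10.0.0.53","proto":"UDP","alert":{"signature_id":2200001,"signature":"TEST dns"}}',
    '{"timestamp":"2015-05-01T21:05:03.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.80","proto":"TCP","alert":{"signature_id":2100001,"signature":"TEST ip-only"}}',
    '{"timestamp":"2015-05-01T21:05:17.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.80","proto":"TCP","alert":{"signature_id":2100001,"signature":"TEST ip-only"}}',
    '{"timestamp":"2015-05-01T21:05:44.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP","alert":{"signature_id":2200001,"signature":"TEST dns"}}',
    '{"timestamp":"2015-05-01T21:06:12.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.53","proto":"UDP","alert":{"signature_id":2200001,"signature":"TEST dns"}}',
    'this line is deliberately not JSON, as a truncated log line would be',
])

# Assumed for illustration: the SIDs of the HTTP rules under test.
HTTP_SIDS = {2000001}


def parse_ts(ts):
    """EVE timestamps look like 2015-05-01T21:02:45.123456+0000; the first
    19 characters are enough to bucket by minute."""
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S")


def alerts_per_minute(lines, http_sids):
    """Count alert events per minute, split into 'http' (SID in http_sids)
    and 'other'. Non-alert events and unparseable lines are skipped."""
    buckets = defaultdict(lambda: {"http": 0, "other": 0})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # partial or garbled line, e.g. a cut-off write
        if ev.get("event_type") != "alert":
            continue
        minute = parse_ts(ev["timestamp"]).strftime("%Y-%m-%d %H:%M")
        sid = ev["alert"]["signature_id"]
        buckets[minute]["http" if sid in http_sids else "other"] += 1
    return dict(buckets)


def silent_http_minutes(buckets):
    """Minutes in which other rules still fire but none of the HTTP rules do.
    A run of these right after a healthy start is the symptom in the post."""
    return sorted(m for m, c in buckets.items()
                  if c["other"] > 0 and c["http"] == 0)


def report(buckets):
    """Plain per-minute table, suitable for eyeballing alongside stats.log."""
    lines = ["minute            http  other"]
    for minute in sorted(buckets):
        c = buckets[minute]
        lines.append("%s  %4d  %5d" % (minute, c["http"], c["other"]))
    return "\n".join(lines)


if __name__ == "__main__":
    b = alerts_per_minute(SAMPLE_EVE.splitlines(), HTTP_SIDS)
    print(report(b))
    print("HTTP rules silent while others fire:", silent_http_minutes(b))
```

Run it against a real file with `alerts_per_minute(open("/var/log/suricata/eve.json"), {sids})`; the first minute in which `silent_http_minutes` starts reporting is the point to line up against the stats.log dump nearest in time, since tcp.drop being 0 only rules out one of the possible causes.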


Attachment: suricata_test.yaml (application/octet-stream, 39868 bytes)
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150501/9e762bb7/attachment-0001.obj>