[Oisf-users] HOMENET question

Yasha Zislin coolyasha at hotmail.com
Wed Oct 14 14:55:27 UTC 2015


So after some testing, I was negating two subnets before including a big one. Suricata would never complete loading. It would run out of RAM (server has 128 GB or so) and crash. It would get stuck on Building signature grouping structure. Stage 2 would take an hour and stage 3 would never complete. As soon as I removed the negated subnets, the whole thing took 5 minutes to load.
Any thoughts?
Thank you.

Date: Tue, 29 Sep 2015 20:23:31 +0000
From: coolyasha at hotmail.com
To: rmkml at yahoo.fr
CC: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] HOMENET question

Good to know. Another question.

If I monitor two interfaces via pfring, can I have separate homenets for each interface?

Thanks

On Tue, Sep 29, 2015 at 12:34 PM -0700, "rmkml" <rmkml at yahoo.fr> wrote:

Hi Yasha,

Yes, please negate subnet first.

Regards
@Rmkml

On Tue, 29 Sep 2015, Yasha Zislin wrote:

> Question about HOMENET.
> Can we exclude subnets from a bigger subnet?
> For example,
>  HOME_NET: "[10.0.0.0/8,!10.1.0.0/16]"
>
> Is that possible?
>
> Thanks
