[Oisf-users] HOMENET question

Peter Manev petermanev at gmail.com
Thu Oct 15 07:09:58 UTC 2015 

On Wed, Oct 14, 2015 at 4:55 PM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> So after some testing I was negating two subnets before including a big one.
> Suricata would never complete loading. It would run out of RAM (server has
> 128gb or so) and crash.
> It would get stuck on Building signature grouping structure.
> Stage 2 would take an hour and stage 3 would never complete.
> As soon as I've removed negated subnets, the whole thing took 5 minutes to
> load.
>
> Any thoughts?

Can you please open a bug report describing how the issue can be
reproduced in detail - if ok include the relevant yaml configuration
(or similar or share privately)

>
> Thank you.
>
> ________________________________
> Date: Tue, 29 Sep 2015 20:23:31 +0000
> From: coolyasha at hotmail.com
> To: rmkml at yahoo.fr
> CC: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] HOMENET question
>
>
> Good to know. Another question.
> If i monitor two interfaces via pfring, can i have separate homenets for
> each interface?
>
> Thanks
>
>
>
>
> On Tue, Sep 29, 2015 at 12:34 PM -0700, "rmkml" <rmkml at yahoo.fr> wrote:
>
> Hi Yasha,
>
> Yes please negate subnet first.
>
> Regards
> @Rmkml
>
>
> On Tue, 29 Sep 2015, Yasha Zislin wrote:
>
>> Question about HOMENET.
>> Can we exclude subnets from a bigger subnet?
>> For example,
>>  HOME_NET: "[10.0.0.0/8,!10.1.0.0/16]"
>>
>> Is that possible?
>>
>> Thanks
>>
>>
>
> _______________________________________________ Suricata IDS Users mailing
> list: oisf-users at openinfosecfoundation.org Site: http://suricata-ids.org |
> Support: http://suricata-ids.org/support/ List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users Suricata
> User Conference November 4 & 5 in Barcelona: http://oisfevents.net
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net



-- 
Regards,
Peter Manev

More information about the Oisf-users mailing list