[Oisf-users] Suricata at 10G, packet reassembly
Collyer, Jeffrey W. (jwc3f)
jwc3f at virginia.edu
Thu Feb 2 14:33:27 UTC 2017
Here is the stream section. Everything that wasn’t commented out. I think its just the defaults, so that may need some tuning.
stream:
memcap: 64mb
checksum-validation: yes # reject wrong csums
inline: auto # auto will use inline mode in IPS mode, yes or no set it statically
reassembly:
memcap: 256mb
depth: 1mb # reassemble 1mb into a stream
toserver-chunk-size: 2560
toclient-chunk-size: 2560
randomize-chunk-size: yes
Jeffrey Collyer
Information Security Engineer
University of Virginia
On Feb 1, 2017, at 4:14 PM, Peter Manev <petermanev at gmail.com<mailto:petermanev at gmail.com>> wrote:
On Wed, Feb 1, 2017 at 3:04 PM, Collyer, Jeffrey W. (jwc3f)
<jwc3f at virginia.edu<mailto:jwc3f at virginia.edu>> wrote:
Sure,
Yes it does not look right....
Can you please share your stream and reassembly section from your
suricata.yaml as well ?
( https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L1197
)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170202/785fff46/attachment-0002.html>
More information about the Oisf-users
mailing list