[Oisf-users] Suricata at 10G, packet reassembly
Peter Manev
petermanev at gmail.com
Thu Feb 2 15:35:23 UTC 2017
On Thu, Feb 2, 2017 at 3:33 PM, Collyer, Jeffrey W. (jwc3f)
<jwc3f at virginia.edu> wrote:
> Here is the stream section. Everything that wasn’t commented out. I think
> it's just the defaults, so that may need some tuning.
>
> stream:
>   memcap: 64mb
>   checksum-validation: yes      # reject wrong csums
>   inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
>   reassembly:
>     memcap: 256mb
>     depth: 1mb                  # reassemble 1mb into a stream
>     toserver-chunk-size: 2560
>     toclient-chunk-size: 2560
>     randomize-chunk-size: yes
This looks like the default settings (64mb/256mb) - you run that on
a 4-8Gbps sensor?
>
>
> Jeffrey Collyer
> Information Security Engineer
> University of Virginia
>
>
> On Feb 1, 2017, at 4:14 PM, Peter Manev <petermanev at gmail.com> wrote:
>
> On Wed, Feb 1, 2017 at 3:04 PM, Collyer, Jeffrey W. (jwc3f)
> <jwc3f at virginia.edu> wrote:
>
> Sure,
>
>
>
> Yes it does not look right....
>
> Can you please share your stream and reassembly section from your
> suricata.yaml as well ?
> (
> https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L1197
> )
>
>
--
Regards,
Peter Manev