[Oisf-users] Fwd: File Extraction issues

Cooper F. Nelson cnelson at ucsd.edu
Mon Jul 24 18:22:06 UTC 2017


How busy is your network?  Try increasing your stream and http memcap
setting to a gigabyte or more.

-Coop

On 7/24/2017 11:25 AM, Jeremy A. Grove wrote:
> I am using AF-packet with the below options.
>
>   - interface: eth0
>     threads: auto
>     cluster-id: 99
>     cluster-type: cluster_flow
>     defrag: yes
>     checksum-checks: kernel
> - interface: eth1
>     threads: auto
>     cluster-id: 98
>     cluster-type: cluster_flow
>     defrag: yes
>   - interface: eth2
>     threads: auto
>     cluster-id: 97
>     cluster-type: cluster_flow
>     defrag: yes
>   - interface: eth3
>     threads: auto
>     cluster-id: 96
>     cluster-type: cluster_flow
>     defrag: yes
>
> Jeremy Grove, SSCP
> Senior Information Security Analyst
> Quadrant Information Security
> o: (904)296-9100 <callto:%28904%29296-9100> x100
> t: (800) 538-9357 <callto:%28800%29%20538-9357> x100
> e: soc at quadrantsec.com
>
> Learn more= about our managed SIEM people + product
> <https://a.quadrantsec.com/3D%22https://quadrantsec.com/SaganMSSP%22>
>
>
>
> ------------------------------------------------------------------------
> *From: *"Cooper F. Nelson" <cnelson at ucsd.edu>
> *To: *"Jeremy A. Grove" <jgrove at quadrantsec.com>, "oisf-users"
> <oisf-users at lists.openinfosecfoundation.org>
> *Sent: *Monday, July 24, 2017 2:07:48 PM
> *Subject: *Re: [Oisf-users] Fwd: File Extraction issues
>
> Are you using the AF_PACKET RSS mode?
>
> -Coop
>
> On 7/24/2017 11:11 AM, Jeremy A. Grove wrote:
>
>     Any advice on this?
>
>     Regards,
>
>     Jeremy Grove, SSCP
>     Senior Information Security Analyst
>     Quadrant Information Security
>     o: (904)296-9100 <callto:%28904%29296-9100> x100
>     t: (800) 538-9357 <callto:%28800%29%20538-9357> x100
>     e: soc at quadrantsec.com
>
>     Learn more= about our managed SIEM people + product
>     <https://a.quadrantsec.com/3D%22https://quadrantsec.com/SaganMSSP%22>
>
>
> -- 
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042
>

-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170724/9e6df757/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170724/9e6df757/attachment-0002.sig>


More information about the Oisf-users mailing list