[Oisf-users] Tuning guide
Cooper F. Nelson
cnelson at ucsd.edu
Tue May 16 19:06:30 UTC 2017
On 5/16/2017 11:57 AM, Brad Kingsbury wrote:
> Is there a tuning guide available for Suricata? I'm looking for some
> pretty basic "tuning" parameters, based upon the amount of RAM and cores
> available. Also, parameters to consider if doing just parsing v. detection.
This is the best one available currently:
> https://github.com/pevma/SEPTun
Might be overkill for tiny networks, though.
> Also, is the hyperscan library only used by the detection component, or
> will it also provide improved performance in the parsing engine too?
That is an excellent questions and I have to admit I do not know the
answer. I'll hesitate a guess of 'no' as I run in delayed-detect mode
and suricata will begin protocol logging well prior to generating alert
traffic. I think this is by design as the protocol detection logic is
specifically tuned for that purpose, vs. being a generic pattern matcher.
--
Cooper Nelson
IT Security - Information Technology Services
University of California San Diego
(858) 534-6487 - cnelson at ucsd.edu
https://cybersecurity.ucsd.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170516/06d33adb/attachment-0002.sig>
More information about the Oisf-users
mailing list