[Oisf-users] Massive kernel drops with HTTP traffic

Peter Manev petermanev at gmail.com
Sat Aug 18 13:57:43 UTC 2018



> On 17 Aug 2018, at 07:35, Michael Stone <mstone at mathom.us> wrote:
> 
> On Fri, Aug 17, 2018 at 03:24:31PM +0200, you wrote:
>>> Do you have filemagic enabled?
>> 
>> Yes. We currently use filestore v1. And we use the filemagic value in
>> our rules for filestoring.
> 
> Unless you have customized the magic file it is very likely that you won't hit your performance target this way. I'd suggest rules specific to what you're trying to save rather than relying on libmagic (which is very inefficient).
> 


That could be easy to test and confirm if it is contributing to or creating the mess. Konstantin, is it possible to try it out and see?


> Mike Stone