[Oisf-users] TCP connection timeouts with suricata 4.0.3
Gareth Parks
gparks at viator.com
Fri Feb 2 01:53:40 UTC 2018
On 02/02/18 10:02, Andreas Herz wrote:
>
> Try to observe the stats.log since there might be drops that are not
> related to drop rules and thus won't show up in the drop.log.

The only drop counter in stats.log is tcp.segment_memcap_drop but the
counter doesn't seem to correspond with the number of timeouts
occurring. A suricata process that was last restarted on the 23rd
January has 674 vs one restarted 2 hours ago which has 110 and both
servers have roughly the same number of timeouts over any given period
of time.

I increased stream.memcap and stream.reassembly.memcap on the server
restarted 2 hours ago and for a period of time the stat
tcp.segment_memcap_drop didn't exist but the timeout was still occurring.