[Oisf-users] Suricata 10G

Cooper F. Nelson cnelson at ucsd.edu
Thu May 3 15:47:36 UTC 2018


1.  Check out SEPTUN 1 & 2.

> https://github.com/pevma/SEPTun

2.  Overbuild your sensor, you need a large http/stream depth to
properly track files.  I would suggest 4 gigs per core if you want to
extract and hash all http files. 

3.  Set up a BTRFS dedicated RAID 10 container with LZOP compression to
store/archive them.

-Coop

On 5/3/2018 8:38 AM, Carl Rotenan wrote:
> Hello,
>
> What would be required to get Suricata to support 10G of traffic in IDS
> mode, and extracting and hashing files on that traffic?
>
> Thanks,
>
> Carl
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/


-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
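To make point 2 concrete, here is a suricata.yaml fragment (an added
example for this archive, not from Coop's post or from the Suricata
project's shipped config) that lifts the limits which otherwise truncate
file extraction at 10G and turns on hashing of every stored file. The
memcap figures are placeholders to be sized against the sensor's RAM
and the /data/suricata/files path is an assumed mount point for the
dedicated archive volume from point 3 (btrfs takes the compression as
the mount option compress=lzo); the remaining keys are the standard
stream, libhtp and file-store settings.

```yaml
# Added example: suricata.yaml fragment for full HTTP file extraction.
# Memcap values are placeholders, not a recommendation for a given box.

stream:
  memcap: 4gb              # assumption: size to the sensor's RAM
  reassembly:
    memcap: 8gb            # assumption: size to the sensor's RAM
    # depth: 0 removes the per-flow reassembly limit (default 1mb).
    # Without this, any file larger than the depth is cut off and the
    # stored copy (and its hash) is of a truncated object.
    depth: 0

app-layer:
  protocols:
    http:
      enabled: yes
      libhtp:
        default-config:
          personality: IDS
          # 0 = no limit. The default 100kb body limits stop libhtp from
          # tracking the rest of a large request/response body, which
          # also stops file extraction for that transaction.
          request-body-limit: 0
          response-body-limit: 0
          request-body-minimal-inspect-size: 32kb
          request-body-inspect-window: 4kb
          response-body-minimal-inspect-size: 40kb
          response-body-inspect-window: 16kb

outputs:
  - file-store:
      enabled: yes
      # Assumption: a dedicated btrfs RAID 10 volume mounted with
      # compress=lzo, kept separate from the sensor's root filesystem.
      log-dir: /data/suricata/files
      force-magic: no
      # Hash every stored file, not only those matched by a filemd5 rule.
      force-hash: [md5, sha1, sha256]
      # Store all files seen, without needing a rule with the
      # filestore keyword; turn off if only rule-selected files are wanted.
      force-filestore: yes
```

With force-filestore off, extraction falls back to rules carrying the
filestore keyword, so the depth and body-limit settings above still
apply: they decide how much of each object Suricata can see, and a
limit that is too small shows up as truncated files and hashes that
never match the original.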
