[Oisf-users] Suricata 10G
Carl Rotenan
carlrotenan at gmail.com
Sun May 6 17:26:20 UTC 2018
Thanks, I'll check them out.
On Thu, May 3, 2018 at 11:47 AM Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> 1. Check out SEPTUN 1 & 2.
>
> https://github.com/pevma/SEPTun
>
>
> 2. Overbuild your sensor; you need a large http/stream depth to properly
> track files. I would suggest 4 gigs per core if you want to extract and
> hash all http files.
>
> 3. Set up a BTRFS dedicated RAID 10 container with LZOP compression to
> store/archive them.
>
> -Coop
>
>
> On 5/3/2018 8:38 AM, Carl Rotenan wrote:
>
> Hello,
>
> What would be required to get Suricata to support 10G of traffic in IDS
> mode, and extracting and hashing files on that traffic?
>
> Thanks,
>
> Carl
>
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042
>
>
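
The stream and HTTP depth settings that point 2 of the quoted reply refers to, together with file extraction and hashing, sketched as a suricata.yaml fragment. This is an added example, not configuration posted by anyone in the thread; the key names follow the stock suricata.yaml (file-store version 2 layout, so check them against your installed release), and every value and path is an assumed starting point rather than a recommendation from the list.

```yaml
# Added example: file-tracking related settings only, not a complete suricata.yaml.
stream:
  memcap: 8gb                 # assumed value; size to the RAM you actually have
  reassembly:
    memcap: 16gb              # assumed value; reassembly is where deep tracking costs memory
    depth: 0                  # 0 = no limit, so large files are tracked to the end

app-layer:
  protocols:
    http:
      enabled: yes
      libhtp:
        default-config:
          # Body limits cap how much of each HTTP body is inspected and tracked.
          # 0 = no limit; the stock 100kb value would cut larger files short.
          request-body-limit: 0
          response-body-limit: 0

outputs:
  # Writes extracted files to disk.
  - file-store:
      version: 2
      enabled: yes
      dir: /data/filestore    # assumed path, e.g. a mount on the archive volume from point 3
      force-filestore: yes    # store every file, not only those matched by a filestore rule
      stream-depth: 0         # 0 = no per-file reassembly limit for stored files
      force-hash: [sha256]

  # Logs one fileinfo record (with hashes) per tracked file.
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - files:
            force-magic: no
            force-hash: [sha256]
```

With both depths unlimited, memory use follows the number and size of concurrent transfers, so watch the memcap counters in stats.log after enabling this and raise or lower the memcaps accordingly.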