[Oisf-users] Reducing flow timeout values
Andreas Herz
aherz at oisf.net
Sat Apr 11 19:02:11 UTC 2020
Hi,
On 11/04/20 at 10:02, Srinivasan J wrote:
> Hi,
> I would like to tweak the flow timeout values in suricata.yaml. I
> understand that there needs to be correlation between the values, but
> say if I want to reduce the “established” value to 120 from 300/600
> for default/tcp/udp/icmp cases would it cause any issues? I have the
> following values.
Those timeouts in general don't cause a specific issue but you should be
looking at the performance of your system, especially memory usage. Also
check if drops increase or other stats change.
--
Andreas Herz
More information about the Oisf-users
mailing list