[Oisf-users] Reducing flow timeout values
Srinivasan J
srinidpdk at gmail.com
Mon Apr 13 15:56:16 UTC 2020
Hi Andreas,
Thank you for the valuable suggestion.
Regards,
Srini
On Sun, Apr 12, 2020 at 12:32 AM Andreas Herz <aherz at oisf.net> wrote:
>
> Hi,
>
> On 11/04/20 at 10:02, Srinivasan J wrote:
> > Hi,
> > I would like to tweak the flow timeout values in suricata.yaml. I
> > understand that there needs to be correlation between the values, but
> > say if I want to reduce the “established” value to 120 from 300/600
> > for default/tcp/udp/icmp cases would it cause any issues? I have the
> > following values.
>
> Those timeouts in general don't cause a specific issue but you should be
> looking at the performance of your system, especially memory usage. Also
> check if drops increase or other stats change.
>
> --
> Andreas Herz
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
More information about the Oisf-users
mailing list