diff mbox series

[09/20] suricata: Allow 32MB of RAM for DNS decoding

Message ID	20190228142825.5153-10-michael.tremer@ipfire.org
State	Accepted
Commit	cf976e93c419d2c268979397ec87e05a2b8b7636
Headers	From: Michael Tremer <michael.tremer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 09/20] suricata: Allow 32MB of RAM for DNS decoding Date: Thu, 28 Feb 2019 14:28:14 +0000 Message-Id: <20190228142825.5153-10-michael.tremer@ipfire.org> In-Reply-To: <20190228142825.5153-1-michael.tremer@ipfire.org> References: <20190228142825.5153-1-michael.tremer@ipfire.org> Cc: Michael Tremer <michael.tremer@ipfire.org> Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	Suricata Configuration Updates \| [00/20] Suricata Configuration Updates [01/20] Revert "Suricata: detect DNS events on port 853, too" [02/20] suricata: Set max-pending-packets to 1024 [03/20] suricata: Set default packet size to 1514 [04/20] suricata: Set detection profile to high [05/20] suricata: Drop profiling section from configuration [06/20] suricata: Drop some commented stuff from configuration [07/20] suricata: Drop sections that require Rust [08/20] suricata: Configure HTTP decoder [09/20] suricata: Allow 32MB of RAM for DNS decoding [10/20] suricata: Drop parsers I have never heard of [11/20] suricata: We do not use any IP reputation lists [12/20] suricata: Log to syslog [13/20] suricata: Use the correct path for the magic database [14/20] suricata: Use 64MB of RAM for defragmentation [15/20] suricata: Use up to 256MB of RAM for the flow cache [16/20] suricata: Log to syslog like a normal process [17/20] suricata: Increase memory size for the stream engine [18/20] suricata: Disable decoding for Teredo [19/20] suricata: Start capture first and then load rules [20/20] suricata: Fix syntax error

Commit Message

Michael Tremer March 1, 2019, 1:28 a.m. UTC

  Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/suricata/suricata.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff mbox series

Patch

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index b09d5906d..882dc1bd0 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -194,12 +194,12 @@  app-layer:
     #  enabled: yes
     dns:
       # memcaps. Globally and per flow/state.
-      #global-memcap: 16mb
-      #state-memcap: 512kb
+      global-memcap: 32mb
+      state-memcap: 512kb
 
       # How many unreplied DNS requests are considered a flood.
       # If the limit is reached, app-layer-event:dns.flooded; will match.
-      #request-flood: 500
+      request-flood: 512
 
       tcp:
         enabled: yes