[00/20] Suricata Configuration Updates

Message ID 20190228142825.5153-1-michael.tremer@ipfire.org


Michael Tremer March 1, 2019, 1:28 a.m. UTC
  I have worked on suricata's configuration.

My objective was to use more system resources (because suricata did not use much RAM, etc.)
to make it faster and to be able to have some deeper decoding and matching.

Please review these changes and let me know what you think.

All in all, suricata should not use more than 1G of RAM which I think is a very good
amount. If your system is weaker than that, there is no point in running an IPS.

On my system in my office, this runs with a hand full of rules enabled from the
Emerging Threats Community set at around 110MB of RAM.

Michael Tremer (20):
  Revert "Suricata: detect DNS events on port 853, too"
  suricata: Set max-pending-packets to 1024
  suricata: Set default packet size to 1514
  suricata: Set detection profile to high
  suricata: Drop profiling section from configuration
  suricata: Drop some commented stuff from configuration
  suricata: Drop sections that require Rust
  suricata: Configure HTTP decoder
  suricata: Allow 32MB of RAM for DNS decoding
  suricata: Drop parsers I have never heard of
  suricata: We do not use any IP reputation lists
  suricata: Log to syslog
  suricata: Use the correct path for the magic database
  suricata: Use 64MB of RAM for defragmentation
  suricata: Use up to 256MB of RAM for the flow cache
  suricata: Log to syslog like a normal process
  suricata: Increase memory size for the stream engine
  suricata: Disable decoding for Teredo
  suricata: Start capture first and then load rules
  suricata: Fix syntax error

 config/etc/syslog.conf        |   2 +-
 config/suricata/suricata.yaml | 282 +++++-------------------------------------
 2 files changed, 30 insertions(+), 254 deletions(-)