Hello Michael, thanks for rebasing and resubmitting your patches. This time everything worked well - merged. Best regards, -Stefan > Hi, > > I rebased the whole branch and sent a second patchset with the three > remaining patches only. > > Hope that helps and merges. > > -Michael > > > On 2 Mar 2019, at 16:52, Michael Tremer > > wrote: > > > > Why are you asking me that? > > > > What does “git am” tell you? There should be a reason why it didn’t > > work. > > > > Probably there have been other changes in the section? > > > > -Michael > > > > > On 1 Mar 2019, at 19:01, Stefan Schantl < > > > stefan.schantl(a)ipfire.org> wrote: > > > > > > > Hi, > > > > > > > > Did you apply all of them in order? > > > > > > > > > > Yes, I did. > > > > > > The reported two patches did not apply. > > > > > > However, the changes on the second patch depends on modifications > > > of > > > the first one, but why does the first one does not apply by using > > > "git > > > am" ? > > > > > > > It is not very helpful to only merge half the patchset. > > > > > > > > Did you use pwclient? > > > > > > > > -Michael > > > > > > > > > On 1 Mar 2019, at 17:09, Stefan Schantl < > > > > > stefan.schantl(a)ipfire.org> > > > > > wrote: > > > > > > > > > > Hello Michael, > > > > > > > > > > thanks for working on optimizing the suricata configuration > > > > > file. > > > > > > > > > > I've merged all of the patches except number "8" and "10" > > > > > which > > > > > does > > > > > not apply with "git am". > > > > > > > > > > When simple adding the changes with "patch" the changes can > > > > > be > > > > > applied > > > > > - any idea why this happened? > > > > > > > > > > Thanks in advance, > > > > > > > > > > -Stefan > > > > > > I have worked on suricata's configuration. > > > > > > > > > > > > My objective was to use more system resources (because > > > > > > suricata > > > > > > did > > > > > > not use much RAM, etc.) > > > > > > to make it faster and to be able to have some deeper > > > > > > decoding and > > > > > > matching. > > > > > > > > > > > > Please review these changes and let me know what you think. > > > > > > > > > > > > All in all, suricata should not use more than 1G of RAM > > > > > > which I > > > > > > think > > > > > > is a very good > > > > > > amount. If your system is weaker than that, there is no > > > > > > point in > > > > > > running an IPS. > > > > > > > > > > > > On my system in my office, this runs with a hand full of > > > > > > rules > > > > > > enabled from the > > > > > > Emerging Threats Community set at around 110MB of RAM. > > > > > > > > > > > > Michael Tremer (20): > > > > > > Revert "Suricata: detect DNS events on port 853, too" > > > > > > suricata: Set max-pending-packets to 1024 > > > > > > suricata: Set default packet size to 1514 > > > > > > suricata: Set detection profile to high > > > > > > suricata: Drop profiling section from configuration > > > > > > suricata: Drop some commented stuff from configuration > > > > > > suricata: Drop sections that require Rust > > > > > > suricata: Configure HTTP decoder > > > > > > suricata: Allow 32MB of RAM for DNS decoding > > > > > > suricata: Drop parsers I have never heard of > > > > > > suricata: We do not use any IP reputation lists > > > > > > suricata: Log to syslog > > > > > > suricata: Use the correct path for the magic database > > > > > > suricata: Use 64MB of RAM for defragmentation > > > > > > suricata: Use up to 256MB of RAM for the flow cache > > > > > > suricata: Log to syslog like a normal process > > > > > > suricata: Increase memory size for the stream engine > > > > > > suricata: Disable decoding for Teredo > > > > > > suricata: Start capture first and then load rules > > > > > > suricata: Fix syntax error > > > > > > > > > > > > config/etc/syslog.conf | 2 +- > > > > > > config/suricata/suricata.yaml | 282 +++++---------------- > > > > > > ------ > > > > > > ----- > > > > > > ---------- > > > > > > 2 files changed, 30 insertions(+), 254 deletions(-) > > > > > >