Hi, I rebased the whole branch and sent a second patchset with the three remaining patches only. Hope that helps and merges. -Michael > On 2 Mar 2019, at 16:52, Michael Tremer wrote: > > Why are you asking me that? > > What does “git am” tell you? There should be a reason why it didn’t work. > > Probably there have been other changes in the section? > > -Michael > >> On 1 Mar 2019, at 19:01, Stefan Schantl wrote: >> >>> Hi, >>> >>> Did you apply all of them in order? >>> >> >> Yes, I did. >> >> The reported two patches did not apply. >> >> However, the changes on the second patch depends on modifications of >> the first one, but why does the first one does not apply by using "git >> am" ? >> >>> It is not very helpful to only merge half the patchset. >>> >>> Did you use pwclient? >>> >>> -Michael >>> >>>> On 1 Mar 2019, at 17:09, Stefan Schantl >>>> wrote: >>>> >>>> Hello Michael, >>>> >>>> thanks for working on optimizing the suricata configuration file. >>>> >>>> I've merged all of the patches except number "8" and "10" which >>>> does >>>> not apply with "git am". >>>> >>>> When simple adding the changes with "patch" the changes can be >>>> applied >>>> - any idea why this happened? >>>> >>>> Thanks in advance, >>>> >>>> -Stefan >>>>> I have worked on suricata's configuration. >>>>> >>>>> My objective was to use more system resources (because suricata >>>>> did >>>>> not use much RAM, etc.) >>>>> to make it faster and to be able to have some deeper decoding and >>>>> matching. >>>>> >>>>> Please review these changes and let me know what you think. >>>>> >>>>> All in all, suricata should not use more than 1G of RAM which I >>>>> think >>>>> is a very good >>>>> amount. If your system is weaker than that, there is no point in >>>>> running an IPS. >>>>> >>>>> On my system in my office, this runs with a hand full of rules >>>>> enabled from the >>>>> Emerging Threats Community set at around 110MB of RAM. >>>>> >>>>> Michael Tremer (20): >>>>> Revert "Suricata: detect DNS events on port 853, too" >>>>> suricata: Set max-pending-packets to 1024 >>>>> suricata: Set default packet size to 1514 >>>>> suricata: Set detection profile to high >>>>> suricata: Drop profiling section from configuration >>>>> suricata: Drop some commented stuff from configuration >>>>> suricata: Drop sections that require Rust >>>>> suricata: Configure HTTP decoder >>>>> suricata: Allow 32MB of RAM for DNS decoding >>>>> suricata: Drop parsers I have never heard of >>>>> suricata: We do not use any IP reputation lists >>>>> suricata: Log to syslog >>>>> suricata: Use the correct path for the magic database >>>>> suricata: Use 64MB of RAM for defragmentation >>>>> suricata: Use up to 256MB of RAM for the flow cache >>>>> suricata: Log to syslog like a normal process >>>>> suricata: Increase memory size for the stream engine >>>>> suricata: Disable decoding for Teredo >>>>> suricata: Start capture first and then load rules >>>>> suricata: Fix syntax error >>>>> >>>>> config/etc/syslog.conf | 2 +- >>>>> config/suricata/suricata.yaml | 282 +++++---------------------- >>>>> ----- >>>>> ---------- >>>>> 2 files changed, 30 insertions(+), 254 deletions(-) >>>>> >