Hello Michael, thanks for working on optimizing the suricata configuration file. I've merged all of the patches except number "8" and "10" which does not apply with "git am". When simple adding the changes with "patch" the changes can be applied - any idea why this happened? Thanks in advance, -Stefan > I have worked on suricata's configuration. > > My objective was to use more system resources (because suricata did > not use much RAM, etc.) > to make it faster and to be able to have some deeper decoding and > matching. > > Please review these changes and let me know what you think. > > All in all, suricata should not use more than 1G of RAM which I think > is a very good > amount. If your system is weaker than that, there is no point in > running an IPS. > > On my system in my office, this runs with a hand full of rules > enabled from the > Emerging Threats Community set at around 110MB of RAM. > > Michael Tremer (20): > Revert "Suricata: detect DNS events on port 853, too" > suricata: Set max-pending-packets to 1024 > suricata: Set default packet size to 1514 > suricata: Set detection profile to high > suricata: Drop profiling section from configuration > suricata: Drop some commented stuff from configuration > suricata: Drop sections that require Rust > suricata: Configure HTTP decoder > suricata: Allow 32MB of RAM for DNS decoding > suricata: Drop parsers I have never heard of > suricata: We do not use any IP reputation lists > suricata: Log to syslog > suricata: Use the correct path for the magic database > suricata: Use 64MB of RAM for defragmentation > suricata: Use up to 256MB of RAM for the flow cache > suricata: Log to syslog like a normal process > suricata: Increase memory size for the stream engine > suricata: Disable decoding for Teredo > suricata: Start capture first and then load rules > suricata: Fix syntax error > > config/etc/syslog.conf | 2 +- > config/suricata/suricata.yaml | 282 +++++--------------------------- > ---------- > 2 files changed, 30 insertions(+), 254 deletions(-) >