Open Information Security Foundation

12/09/2020

01:09 PM Suricata Optimization #4126: Threaded eve logging for output types other than regular file (socket, plugins, redis etc)

This might be helpful for high performance setups that use redis, since it would help to scale the bottleneck with th... Andreas Herz

11/23/2020

09:53 PM Suricata Bug #4178: DNS Query triggers alert but no output in alert-debug.log

... Andreas Herz

09:51 PM Suricata Bug #4178 (New): DNS Query triggers alert but no output in alert-debug.log

If you run this rule:... Andreas Herz

08:50 PM Suricata Support #4172: Split eve.json into multiple files based on alert severity

What traffic rate are we talking about and how much data overall? Andreas Herz

11/05/2020

09:24 PM Suricata Support #4084 (Closed): Is there a way to debug the lua script?

Andreas Herz

10/30/2020

01:41 PM Suricata Feature #4093 (New): Extend stats log to print packet and byte rate on protocols

It might be helpful to gather the amount of packets and/or bytes of specific app protocols. So for example app-layer.... Andreas Herz

10/22/2020

08:31 PM Suricata Support #4084: Is there a way to debug the lua script?

How does your suricata.yaml look like, escpecially the loglevel? Andreas Herz

10/08/2020

08:26 PM Suricata Support #3976 (Closed): High memory usage

Andreas Herz

09/28/2020

06:25 PM Suricata Support #3976: High memory usage

What traffic rate do you see on average/spike?
You also have quite high values for memcap, I would start to try it w... Andreas Herz

09/27/2020

08:38 PM Suricata Support #3976: High memory usage

How does the rest of your suricata config look like? Depending on the traffic 16GB is not much, how many rules do you... Andreas Herz