Andreas Herz



  • Suricata (Manager, Developer, 12/02/2015)



03:38 PM Suricata Feature #2232: Allow Large value in suricata.yaml file
Do you have an example that we can use to reproduce it? It's not that easy just to extend the variable size and IMHO ...
03:37 PM Suricata Feature #2233: Allow log for payload and packet only for defined sid
So you want to have a list of sids that should be relevant for that logging and skip all the others for that part of ...


04:57 PM Suricata Feature #2219: Save pcap only if alert
This looks similar to #385 to me. What you could do, you can use the *packet info* from the *eve.json* log and conv...
04:51 PM Suricata Feature #2222: Batch submission of PCAPs over the socket
What do you think such a combination should look like? Or do you just want to use *-r /tmp/foobar* instead of *-r /tmp...


04:13 PM Suricata Optimization #879: update with autoupdate
It would also help for some other improvements within our configure script like #1835 and would like to have it merge...
04:12 PM Suricata Optimization #879: update with autoupdate
Since some time has passed I would like to give it a new try:


04:41 PM Suricata Feature #425: Inspect the effects of mixing threshold and detection filters etc..
With *rate_filter* there is also a demand to override or combine the settings within the *threshold.config* and the u...
04:29 PM Suricata Bug #2214: detect state uses broken offset logic
I would recommend that you submit a PR :) see
04:27 PM Suricata Feature #2213: file matching: allow generic file matching / store
If we want to stay consistent I would prefer *alert ip* so it's similar to normal rules.
04:22 PM Suricata Bug #2151 (Closed): The documentation does not reflect current suricata.yaml regarding cpu-affinity
