General

Profile

Andreas Herz

Issues

Projects

  • Suricata (Manager, Developer, 12/02/2015)

Activity

10/16/2017

03:38 PM Suricata Feature #2232: Allow Large value in suricata.yaml file
Do you have an example that we can use to reproduce it? It's not that easy just to extend the variable size and IMHO ...
03:37 PM Suricata Feature #2233: Allow log for payload and packet only for defined sid
So you want to have a list of sids that should be relevant for that logging and skip all the others for that part of ...

10/12/2017

04:57 PM Suricata Feature #2219: Save pcap only if alert
This looks similar to #385 for me. What you could do, you can use the *packet info* from the *eve.json* log and conv...
04:51 PM Suricata Feature #2222: Batch submission of PCAPs over the socket
What do you think such a combination should look like? Or do you just want to use *-r /tmp/foobar* instead of *-r /tmp...

09/23/2017

04:13 PM Suricata Optimization #879: update configure.ac with autoupdate
It would also help for some other improvements within our configure script like #1835 and would like to have it merge...
04:12 PM Suricata Optimization #879: update configure.ac with autoupdate
Since some time has passed I would like to give it a new try:
https://github.com/inliniac/suricata/pull/2904
It...

09/20/2017

04:41 PM Suricata Feature #425: Inspect the effects of mixing threshold and detection filters etc..
With *rate_filter* there is also a demand to override or combine the settings within the *threshold.config* and the u...
04:29 PM Suricata Bug #2214: detect state uses broken offset logic
I would recommend that you submit a PR :) see https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contri...
04:27 PM Suricata Feature #2213: file matching: allow generic file matching / store
If we want to stay consistent I would prefer *alert ip* so it's similar to normal rules.
04:22 PM Suricata Bug #2151 (Closed): The documentation does not reflect current suricata.yaml regarding cpu-affinity
