- syslog:
enabled: yes
facility: local5
- format: "[%i] <%d> -- "
+ format: ""
# type: json
##
# # is used in a rule.
#
stream:
- memcap: 64mb
+ memcap: 256mb
+ prealloc-sessions: 4k
checksum-validation: yes # reject wrong csums
inline: auto # auto will use inline mode in IPS mode, yes or no set it statically
reassembly:
toserver-chunk-size: 2560
toclient-chunk-size: 2560
randomize-chunk-size: yes
- #randomize-chunk-range: 10
- #raw: yes
- #segment-prealloc: 2048
- #check-overlap-different-data: true
+ raw: yes
+ segment-prealloc: 2048
+ check-overlap-different-data: true
# Host table:
#
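Review bot: Raising `memcap` to `256mb` only enlarges the session-tracking budget; the `reassembly:` block in this hunk goes straight to `toserver-chunk-size`, with no `memcap` or `depth` of its own visible, so segment reassembly presumably still runs on the built-in defaults. When either cap is hit the engine stops tracking new sessions or segments, and that traffic goes uninspected, so the two limits need to be sized together. I would set `memcap:` and `depth:` explicitly under `reassembly:` and add a comment such as `# sized together with stream.memcap; watch tcp.ssn_memcap_drop / tcp.segment_memcap_drop in stats`. As a style point, the new `check-overlap-different-data: true` sits beside `raw: yes`; using one boolean spelling throughout the section would make it easier to audit.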
# Teredo decoder is known to not be completely accurate
# it will sometimes detect non-teredo as teredo.
teredo:
- enabled: true
+ enabled: false
##
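Review bot: Switching `teredo:` to `enabled: false` means IPv6 carried inside Teredo is no longer unwrapped, so signatures written for the inner packets stop matching and the traffic is seen only as its outer UDP. The context comment explains the false-detection motive but not this loss of coverage, and the trade-off should be recorded beside the key, for example `# disabled: decoder misidentifies non-Teredo UDP; tunnelled IPv6 is NOT inspected, so block or alert on Teredo at the perimeter`. If the deployed Suricata version can restrict the decoder to specific ports, that may be a narrower fix than disabling it outright; confirm against that version's documentation.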
toserver-groups: 25
sgh-mpm-context: auto
inspection-recursion-limit: 3000
+
# If set to yes, the loading of signatures will be made after the capture
# is started. This will limit the downtime in IPS mode.
- #delayed-detect: yes
+ delayed-detect: yes
prefilter:
# default prefiltering setting. "mpm" only creates MPM/fast_pattern