- syslog:
enabled: yes
facility: local5
- format: "[%i] <%d> -- "
+ format: ""
# type: json
##
# in bytes.
flow:
- memcap: 128mb
+ memcap: 256mb
hash-size: 65536
prealloc: 10000
emergency-recovery: 30
- #managers: 1 # default to one flow manager
- #recyclers: 1 # default to one flow recycler thread
+ managers: 1
+ recyclers: 1
# This option controls the use of vlan ids in the flow (and defrag)
# hashing. Normally this should be enabled, but in some (broken)
# # is used in a rule.
#
stream:
- memcap: 64mb
+ memcap: 256mb
+ prealloc-sessions: 4k
checksum-validation: yes # reject wrong csums
inline: auto # auto will use inline mode in IPS mode, yes or no set it statically
reassembly:
toserver-chunk-size: 2560
toclient-chunk-size: 2560
randomize-chunk-size: yes
- #randomize-chunk-range: 10
- #raw: yes
- #segment-prealloc: 2048
- #check-overlap-different-data: true
+ raw: yes
+ segment-prealloc: 2048
+ check-overlap-different-data: true
# Host table:
#
# Teredo decoder is known to not be completely accurate
# it will sometimes detect non-teredo as teredo.
teredo:
- enabled: true
+ enabled: false
##
toserver-groups: 25
sgh-mpm-context: auto
inspection-recursion-limit: 3000
+
# If set to yes, the loading of signatures will be made after the capture
# is started. This will limit the downtime in IPS mode.
- #delayed-detect: yes
+ delayed-detect: yes
prefilter:
# default prefiltering setting. "mpm" only creates MPM/fast_pattern
projects / ipfire-2.x.git / blobdiff