##
##############################################################################
+##
+## Run Options
+##
+
+# Run suricata as user and group.
+run-as:
+ user: suricata
+ group: suricata
+
# Suricata core dump configuration. Limits the size of the core dump file to
# approximately max-dump. The actual core dump size will be a multiple of the
# page size. Core dumps that would be larger than max-dump are truncated. On
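Review bot: The added `run-as` block (user and group `suricata`) has no note on what the privilege drop depends on, and a sensor that fails to start or cannot write its logs after this change is a detection gap. As far as I know the drop needs a build with libcap-ng support, and the account has to exist and be able to write the log, pid and unix-socket paths configured elsewhere in the file, none of which is visible in this hunk. I would extend the comment, e.g. `# Privileges are dropped after startup; the suricata account must exist and own the log directory.` Checking the uid of the running process after a restart confirms the drop actually took effect.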
# Runmode the engine should use. Please check --list-runmodes to get the available
# runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned
# load balancing).
-#runmode: autofp
+runmode: workers
# Specifies the kind of flow load balancer used by the flow pinned autofp mode.
#
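Review bot: With `runmode: workers` each thread runs the whole packet pipeline, so keeping both directions of a flow on one thread becomes the capture layer's job, and the capture section is not part of this diff. If the capture method in use does not distribute by flow (for af-packet that is the `cluster-type` setting; for NFQUEUE it is the queue balancing done by the firewall rule), stream reassembly and flow-based rules can silently miss traffic. The retained comment still describes autofp as the default, and the autofp load-balancer setting below it no longer applies. A line such as `# workers: flow distribution is done by the capture method, see its section` would make that explicit.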
# If the argument specified is 0, the engine uses an internally defined
# default limit. On not specifying a value, we use no limits on the recursion.
detect:
- profile: high
+ profile: custom
custom-values:
- toclient-groups: 3
- toserver-groups: 25
+ toclient-groups: 200
+ toserver-groups: 200
sgh-mpm-context: auto
inspection-recursion-limit: 3000
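Review bot: The switch to `profile: custom` with `toclient-groups: 200` and `toserver-groups: 200` has no comment explaining the sizing, and both values are far above the ones removed (3 and 25). More signature groups generally trade memory and rule-load time for inspection speed. On a sensor with limited RAM a ruleset reload could then fail or stall and leave traffic uninspected, though that depends on the host and ruleset, which the diff does not show. I would add `# custom grouping sized for <ruleset / RAM placeholder>; watch memory use on rule reload` above `custom-values:`.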
- worker-cpu-set:
cpu: [ "all" ]
mode: "exclusive"
- # Use explicitely 3 threads and don't compute number by using
- # detect-thread-ratio variable:
- # threads: 3
prio:
low: [ 0 ]
medium: [ "1-2" ]
high: [ 3 ]
default: "medium"
- #- verdict-cpu-set:
- # cpu: [ 0 ]
- # prio:
- # default: "high"
+ - verdict-cpu-set:
+ cpu: [ 0 ]
+ prio:
+ default: "high"
#
# By default Suricata creates one "detect" thread per available CPU/CPU core.
# This setting allows controlling this behaviour. A ratio setting of 2 will
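Review bot: The newly enabled `verdict-cpu-set` (cpu 0, default prio "high") probably has no effect alongside the `runmode: workers` change earlier in this diff. To my knowledge separate verdict threads exist only in autofp IPS mode, while in workers mode the verdict is issued by the worker thread itself. The whole affinity list is also only honoured when `set-cpu-affinity` is enabled, which is outside this hunk. If inline mode is the goal, either leave the block commented out or document the dependency, e.g. `# verdict-cpu-set is used by autofp IPS mode only`.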