X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=config%2Fsuricata%2Fsuricata.yaml;h=e7e27c731e1b7c7b18fe4bc59d6f76fabc99bb00;hp=539ef38dd2103f623976fad17b3b5db1dd891606;hb=64aed99df6ba3b057c35ebb6b9278a13ae5e575d;hpb=2bec60c34725c759c98f4da276fc8149162b3397
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 539ef38dd2..e7e27c731e 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -281,6 +281,15 @@ asn1-max-frames: 256
 ##
 ##############################################################################
+##
+## Run Options
+##
+
+# Run suricata as user and group.
+run-as:
+ user: suricata
+ group: suricata
+
 # Suricata core dump configuration. Limits the size of the core dump file to
 # approximately max-dump. The actual core dump size will be a multiple of the
 # page size. Core dumps that would be larger than max-dump are truncated. On
@@ -308,7 +317,7 @@ max-pending-packets: 1024
 # Runmode the engine should use. Please check --list-runmodes to get the available
 # runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned
 # load balancing).
-#runmode: autofp
+runmode: workers
 # Specifies the kind of flow load balancer used by the flow pinned autofp mode.
 #
@@ -615,10 +624,10 @@ decoder:
 # If the argument specified is 0, the engine uses an internally defined
 # default limit. On not specifying a value, we use no limits on the recursion.
 detect:
- profile: high
+ profile: custom
 custom-values:
- toclient-groups: 3
- toserver-groups: 25
+ toclient-groups: 200
+ toserver-groups: 200
 sgh-mpm-context: auto
 inspection-recursion-limit: 3000
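Review bot: The new `run-as` block in the first hunk drops Suricata to the `suricata` user and group, but its one-line comment does not say what that depends on, and nothing in this diff shows the account being created or the log, rule and PID paths being made accessible to it. If either is missing the engine will presumably fail at startup or lose the ability to write its logs, which for an IPS means lost visibility. I would extend the comment to something like `# Drop root after initialisation; the suricata user and group must exist and own the log and PID directories.` It is also worth confirming that core dumps are still produced once privileges are dropped, since the core dump settings follow directly below.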
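Review bot: In the second hunk `runmode: workers` becomes active, yet the comment above it only explains the `autofp` default and the comment after it describes the autofp flow load balancer, so the file no longer records why this mode was chosen. In workers mode each thread handles its packets from acquisition through detection to output, so the scheduler option documented below is presumably unused. A line above the setting would help, for example `# workers: every thread runs the full pipeline for its own packets; the autofp scheduler below does not apply.`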
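Review bot: The switch to `profile: custom` with `toclient-groups: 200` and `toserver-groups: 200` in the third hunk carries no comment explaining the values, and both are far above the 3 and 25 they replace. More signature groups generally buy faster matching at the cost of memory and rule-load time, so on a small appliance this is the setting most likely to push the engine into memory pressure. I would add `# custom: larger signature groups, faster inspection in exchange for more RAM and longer rule loading` above `profile:` and note the hardware the numbers were sized for. The `detect:` mapping continues past the end of the hunk.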
@@ -708,18 +717,15 @@ threading:
 - worker-cpu-set:
 cpu: [ "all" ]
 mode: "exclusive"
- # Use explicitely 3 threads and don't compute number by using
- # detect-thread-ratio variable:
- # threads: 3
 prio:
 low: [ 0 ]
 medium: [ "1-2" ]
 high: [ 3 ]
 default: "medium"
- #- verdict-cpu-set:
- # cpu: [ 0 ]
- # prio:
- # default: "high"
+ - verdict-cpu-set:
+ cpu: [ 0 ]
+ prio:
+ default: "high"
 #
 # By default Suricata creates one "detect" thread per available CPU/CPU core.
 # This setting allows controlling this behaviour. A ratio setting of 2 will
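Review bot: `verdict-cpu-set` is un-commented here while the same commit sets `runmode: workers`; as far as I know separate verdict threads exist only in autofp mode, so this entry may have no effect. If it does apply, it pins a high-priority thread to CPU 0, which `worker-cpu-set` also claims through `cpu: [ "all" ]` in `exclusive` mode. Whether `set-cpu-affinity` is enabled lies outside the hunk, so the whole affinity list may be inert as well. Either keep the entry commented out or add a comment such as `# only used when separate verdict threads exist (autofp in IPS mode)`. The removed `# threads: 3` hint was the only in-file note on how to cap the worker count, so consider keeping it.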