suricata: Start capture first and then load rules
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 28 Feb 2019 14:28:24 +0000 (14:28 +0000)
committerStefan Schantl <stefan.schantl@ipfire.org>
Fri, 1 Mar 2019 16:56:47 +0000 (17:56 +0100)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/suricata/suricata.yaml

index 369ed2a..083fc54 100644 (file)
@@ -698,9 +698,10 @@ detect:
     toserver-groups: 25
   sgh-mpm-context: auto
   inspection-recursion-limit: 3000
+
   # If set to yes, the loading of signatures will be made after the capture
   # is started. This will limit the downtime in IPS mode.
-  #delayed-detect: yes
+  delayed-detect: yes
 
   prefilter:
     # default prefiltering setting. "mpm" only creates MPM/fast_pattern