suricata: Take as much off of the CPU as possible
author Michael Tremer <michael.tremer@ipfire.org>
Fri, 12 Apr 2019 16:59:21 +0000 (17:59 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Fri, 12 Apr 2019 16:59:21 +0000 (17:59 +0100)
https://suricata.readthedocs.io/en/suricata-4.1.3/performance/high-performance-config.html

This will compile the ruleset as efficiently as possible and
allow the IPS to run faster on smaller systems.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/suricata/suricata.yaml

index f37294d..3fe78cb 100644 (file)
@@ -624,10 +624,10 @@ decoder:
 # If the argument specified is 0, the engine uses an internally defined
 # default limit.  On not specifying a value, we use no limits on the recursion.
 detect:
-  profile: high
+  profile: custom
   custom-values:
-    toclient-groups: 3
-    toserver-groups: 25
+    toclient-groups: 200
+    toserver-groups: 200
   sgh-mpm-context: auto
   inspection-recursion-limit: 3000
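
Review bot: The new values at `toclient-groups: 200` and `toserver-groups: 200` have no rationale in the file itself; the only justification is the upstream URL in the commit message, and that is pinned to suricata-4.1.3. Please add a short comment above `profile: custom` saying where 200/200 comes from and why the previous 3/25 was dropped, so the next person tuning this block does not have to dig through history. Since the message targets "smaller systems", it would also help to state what the change costs there in memory and rule-load time compared with `profile: high`, ideally with a measurement from one of the low-end boards, because the diff changes only CPU-side tuning and says nothing about that trade-off.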