From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 12 Apr 2019 16:59:21 +0000 (+0100)
Subject: suricata: Take as much off of the CPU as possible
X-Git-Tag: v2.23-core131~31
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=dccbdf5b97130f72b4d0bb26d962ffcda8121a51

suricata: Take as much off of the CPU as possible

https://suricata.readthedocs.io/en/suricata-4.1.3/performance/high-performance-config.html

This will compile the ruleset as efficient as possible and
allows the IPS to run faster on smaller systems.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index f37294d545..3fe78cb2f2 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -624,10 +624,10 @@ decoder:
 # If the argument specified is 0, the engine uses an internally defined
 # default limit.  On not specifying a value, we use no limits on the recursion.
 detect:
-  profile: high
+  profile: custom
   custom-values:
-    toclient-groups: 3
-    toserver-groups: 25
+    toclient-groups: 200
+    toserver-groups: 200
   sgh-mpm-context: auto
   inspection-recursion-limit: 3000