From 99d75ac72e66928f5218c222b0b3fd8fbfba179f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 28 Feb 2019 14:28:24 +0000
Subject: [PATCH] suricata: Start capture first and then load rules

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/suricata/suricata.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 369ed2ab2f..083fc54117 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -698,9 +698,10 @@ detect:
     toserver-groups: 25
   sgh-mpm-context: auto
   inspection-recursion-limit: 3000
+
   # If set to yes, the loading of signatures will be made after the capture
   # is started. This will limit the downtime in IPS mode.
-  #delayed-detect: yes
+  delayed-detect: yes
 
   prefilter:
     # default prefiltering setting. "mpm" only creates MPM/fast_pattern
-- 
2.39.2