From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 28 Feb 2019 14:28:09 +0000 (+0000)
Subject: suricata: Set detection profile to high
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=5196d8ddbb097c4485a01a0fee58ade94b7255ac

suricata: Set detection profile to high

This will merge rules more aggressively so that the engine
is only processing those that can actually match.

Memory is cheap. People with little memory should not run
suricata anyways.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index c2fd4ebc93..86ed44a404 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -745,7 +745,7 @@ decoder:
 # If the argument specified is 0, the engine uses an internally defined
 # default limit.  On not specifying a value, we use no limits on the recursion.
 detect:
-  profile: medium
+  profile: high
   custom-values:
     toclient-groups: 3
     toserver-groups: 25