I've just updated to 20.7 and noticed that in "Intrusion Detection" --> "Administration" there is the new setting 'Detecting Profile': no idea what the different options mean (default, low, medium, high, custom)?
What does default do?
Where can I find a simple document which explains the different settings?
Tia.
https://suricata.readthedocs.io/en/suricata-5.0.3/performance/tuning-considerations.html?highlight=Detecting%20Profile#detect-profile-low-medium-high-custom
Look at 9.3.3. Sounds like higher is better for performance with a hit on memory allocation.
Thanks FullyBorked!
Another thing I've noticed is that the log looks different than when I had 20.1 & Suricata 4 (see attachment): does anybody know how to get in the log the same info (i.e. timestamp, info about each rule, etc.) I had before?
Tia.
Yeah, I implemented that new setting. It allows you to use more memory to group large sets of rules.
I noticed the same thing: it now shows the stats log, so I disabled this to get back the normal log.
https://forum.opnsense.org/index.php?topic=18288.0
This will be fixed in next version:
https://github.com/opnsense/core/commit/6dbd1d4abc9e64baa8f919c5bfb02ffc261512bb
You can also patch via CLI:
opnsense-patch 6dbd1d4
Quote from: mimugmail on August 04, 2020, 10:30:53 AM
This will be fixed in next version:
https://github.com/opnsense/core/commit/6dbd1d4abc9e64baa8f919c5bfb02ffc261512bb
You can also patch via CLI:
opnsense-patch 6dbd1d4
Thx, I would be happier to disable stats.log, as it's writing to disk every 8 seconds.
Greetings,
As I have enough memory free, would it make sense to set the Detect Profile to custom and above 100?
High is stated with 75.
thanks
armin