OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: ToFu on July 02, 2021, 09:28:17 am
-
Hello everybody,
last days i configured my data share via smb.
Goal was that my AplleTV can get data from another vlan.
It needed almost a minute to show the index of the smb share, another one for the next subdir and so on ...
The only way to solve was to turn off suricata for this vlans.
No log alerts or anything else.
Do anyone know about this?
Thanks in advance
-
I assume you mean IPS mode? Suricata has an SMB decoder and such things can be slow...
Cheers,
Franco
-
Yes IPS. :)
-
I am not sure if SMB decoder can be disabled, but it would likely improve your speed if you don't particularly need it.
We do provide an override file for the suricata.yaml to take care of this.
Cheers,
Franco
-
Where can i find this file?
I have only found /usr/local/etc/suricata/custom.yaml.
But this seems not to be the right file.
-
Why not?
Cheers,
Franco
-
I thought that was just an extension for the config. Not overriding :)
Thanks for your reply.
-
Well, it is an extension which can be used to override individual settings... :)
Cheers,
Franco