Commit Graph

26 Commits (4e7df60b2fb1e5f66aad3175600a85039761a0b0)

Author SHA1 Message Date
Jason Ish 18e5ac8cde Basic rule profiling even though the results may be skewed by a bad rule in a grouping of rules. 16 years ago
Pablo Rincon 1238668961 Adding actions order and support for rule action "pass" 16 years ago
Jason Ish 00974d157b Fix issue 131.
Flow-timeouts likely don't need to be a sequence, but rather mappings.  We'd only need a sequence if you wanted to list something like "tcp" twice, which I don't think makes sense for a configuration section.

Also fixup flow.c to not attempt to use the sequence, and put the timeouts into their correct place.
16 years ago
Victor Julien 4875c2daf4 Console logging settings are now overridden by env vars. 16 years ago
Brian Rectanus a9cdd2bbae Add htp personality configuration. 16 years ago
William Metcalf b0faeb91d7 small PF_RING update cmd line opts changed 16 years ago
root ddf995da3b pfring support lb type, and now uses logging subsys 16 years ago
Jason Ish eab93e766a Do policy lookup for defrag. Add unit test for a default host os policy. Update example config to use a default. Add 2 new policies to the stream to cover all the policies for stream and defrag. 16 years ago
Jason Ish 5c3ab2b73f Load host OS info from the configuration. 16 years ago
Victor Julien 0693dc1a50 Fix typo in example config. 16 years ago
Pablo Rincon 38dc7ffebc Adding settings for detect engine group config 16 years ago
Jason Ish fbdf1baf1c - rebase
Provide limits to the unified outputs.
16 years ago
Jason Ish 7142fdb780 quick way to make max_pending configurable. 16 years ago
Gurvinder Singh 999a200bc9 pattern matcher options support 16 years ago
Jason Ish c72d6be58b Making logging configurable. If no logging outputs are defined, the default will be used. - Currently per-output log formatting is not available. 16 years ago
Pierre Chifflier 4515ae13e4 Add Prelude output plugin
Add support for reporting alerts to the Prelude SIEM system, using
libprelude to send IDMEF (RFC4765) messages.

Each message contains the alert description and reference (using
the SID/GID), and a normalized description (assessment, impact,
sources etc.)

libprelude handles the connection with the manager (collecting component),
spooling and sending the event asynchronously. It also offers transport
security (using TLS and trusted certificates) and reliability (events
are retransmitted if not sent successfully).

This module requires a Prelude profile to work (see man prelude-admin
and the Prelude Handbook for help).

Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
16 years ago
Victor Julien 6a53ab9c5a Stream engine memory handling update
The stream engine memory handling needed updating as it didn't scale. Changes:

- pools can now be initialized to size 0, meaning unlimited
- stream engine uses a memcap setting. Sessions, segments and aldata is part
  of this, app layer state isn't.
- memory is accounted using a global int that is spinlocked.
- a counter for sessions that have not been picked up because of memcap was
  added.
- all reassembly errors are converted to debug msgs.
16 years ago
Nick Rogness 2b7b78f1bf Initial IPFW support FreeBSD and OSX 16 years ago
Victor Julien f08d01a8e8 Set sensible tcp timeout defaults and no longer set the timeouts from the stream engine. 16 years ago
Pablo Rincon 5592189c04 Loading flow settings from config 16 years ago
Jason Ish 4e1acf5fd2 Require that the configuration file begins with a valid YAML version. At this time this means the configuration file must begin with
%YAML 1.1
16 years ago
Jason Ish 844c444af1 Use the configuration file to setup alert logging (and http logging).
Only setup for the live pcap modes at the moment.
16 years ago
Victor Julien bea22d91ed Set default-rule-path in example config to /etc/suricata/rules/ 16 years ago
Victor Julien d284f0d333 Set default classification file location in the config file. 16 years ago
Will Metcalf 87a435cd0d updated to include more rulesets, more sane vars 16 years ago
Victor Julien ecf86f9c23 Rename to Suricata. 16 years ago