suricata: Increase memory size for the stream engine

This change also ensures that suricata has a decent number of streams preallocated to be able to handle any bursts in traffic. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2026-04-15 05:22:59 +02:00 · 2019-02-28 14:28:22 +00:00
parent ab1444b4f4
commit 0b340f0938
1 changed files with 5 additions and 5 deletions
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -627,7 +627,8 @@ flow-timeouts:
 #                               # is used in a rule.
 #
 stream:
-  memcap: 64mb
+  memcap: 256mb
+  prealloc-sessions: 4k
  checksum-validation: yes      # reject wrong csums
  inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
  reassembly:
@@ -636,10 +637,9 @@ stream:
    toserver-chunk-size: 2560
    toclient-chunk-size: 2560
    randomize-chunk-size: yes
-    #randomize-chunk-range: 10
-    #raw: yes
-    #segment-prealloc: 2048
-    #check-overlap-different-data: true
+    raw: yes
+    segment-prealloc: 2048
+    check-overlap-different-data: true

 # Host table:
 #