I’m thinking of different ways to change the flow timeouts. I have a handful of servers / protocols that have very long-lived flows and the default timeout needs to be updated; however, I only wanted to update it for these servers.
The only way that I could think of doing this is to capture the traffic for the servers on a VLAN or separate interface (device) and then use multi-tenancy.
I wanted to ask if there’s any other way to achieve this?