Different way to change the flow timeouts (apart from multi-tenancy)

Graham_Bartlett · December 19, 2023, 9:09am

Please include the following information with your help request:

Suricata version

Operating system and/or Linux distribution

How you installed Suricata (from source, packages, something else)
Hi

I’m thinking of different ways change the flow timeouts. I have a handful of servers / protocols that have very long lived flows and the default timeout needs to be updated, however I only wanted to update it for these servers.

The only way that I could think of doing this is to capture the traffic for the servers on a vlan or seperate interface (device) and then use multi-tenancy.

I wanted to ask if there’s any other way to achieve this ?

many thanks

Andreas_Herz · February 28, 2024, 8:13pm

You could use different suricata instances on different interfaces but this could be a more complex setup instead of finding a proper value that would work for all environments. But it would be proper isolated.

Topic		Replies	Views
Rules for different network interfaces Help	7	1173	April 30, 2022
Multi-tenancy & VLANs Help	2	1222	May 22, 2020
Suricata 7 IPS NFQueue drops established TCP after flow-timeouts.tcp.established=600 Help ips , suricata	1	44	April 21, 2024
Dinamically change interfaces Help suricata	5	419	May 17, 2023
Connections dropping out Help	5	1073	October 22, 2020

Different way to change the flow timeouts (apart from multi-tenancy)

Related Topics