Different way to change the flow timeouts (apart from multi-tenancy)

Graham_Bartlett · December 19, 2023, 9:09am

Please include the following information with your help request:

Suricata version

Operating system and/or Linux distribution

How you installed Suricata (from source, packages, something else)
Hi

I’m thinking of different ways change the flow timeouts. I have a handful of servers / protocols that have very long lived flows and the default timeout needs to be updated, however I only wanted to update it for these servers.

The only way that I could think of doing this is to capture the traffic for the servers on a vlan or seperate interface (device) and then use multi-tenancy.

I wanted to ask if there’s any other way to achieve this ?

many thanks

Andreas_Herz · February 28, 2024, 8:13pm

You could use different suricata instances on different interfaces but this could be a more complex setup instead of finding a proper value that would work for all environments. But it would be proper isolated.

Topic		Replies	Views
Active timeout for flows Help	1	377	August 29, 2021
Accumulation of flow-timeout inuse Help	9	8188	May 26, 2021
Rules for different network interfaces Help	7	1368	April 30, 2022
Multi-tenancy & VLANs Help	2	1295	May 22, 2020
Multi-Tenancy: VLANs Help	4	822	December 12, 2021

Different way to change the flow timeouts (apart from multi-tenancy)

Related topics