Samiux

CyberSecurity Ninjas 网络空间安全忍者


Definition of nsm.conf (Host Based)

The definition of the items in “nsm.conf”:

EXT_IP : The external IP address of the network, usually called the “real” IP address.

If you have a very powerful CPU and at least 16GB of memory, you can set higher values.

MAX_PENDING_PACKETS : The maximum number of pending packets for Suricata. The minimum value is “1024” and the maximum value is “65534”. The default value is “1024”, which suits a system with 8GB of memory. The larger the value, the more memory is used and the higher the CPU load.

RUN_MODE : The run mode of Suricata, either “autofp” or “workers”. “autofp” is for load balancing while “workers” is for performance. The default value is “autofp”.

DETECT_PROFILE : The detect profile for Suricata, one of “low”, “medium” or “high”. The higher the profile, the higher the CPU load and the memory usage. The default value is “high”, which suits a system with 8GB of memory.

NF_IPTABLES : The total number of cores or threads. For 2 threads, the value is “0:1”. The default is 4 threads, “0:3”.

NF_YAML : The total number of cores or threads. For 2 threads, the value is “-q 0 -q 1”. The default is 4 threads, “-q 0 -q 1 -q 2 -q 3”.
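A pre-flight check for the values defined above, written as an added example and not code from the project. It assumes nsm.conf uses KEY="value" lines and that NF_IPTABLES and NF_YAML must name the same queue numbers; the sample values and the function names are constructed for illustration.

```python
import re

# Constructed sample; the KEY="value" layout is an assumption about nsm.conf.
SAMPLE = '''\
EXT_IP="203.0.113.10"
MAX_PENDING_PACKETS="1024"
RUN_MODE="autofp"
DETECT_PROFILE="high"
NF_IPTABLES="0:3"
NF_YAML="-q 0 -q 1 -q 2 -q 3"
'''

def parse(text):
    """Return {KEY: value} from KEY=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip().strip('"')
    return conf

def check(conf):
    """Return a list of problems, empty when the settings are consistent."""
    errors = []
    mpp = conf.get("MAX_PENDING_PACKETS", "")
    if not (mpp.isdecimal() and 1024 <= int(mpp) <= 65534):
        errors.append("MAX_PENDING_PACKETS must be 1024..65534")
    if conf.get("RUN_MODE") not in ("autofp", "workers"):
        errors.append("RUN_MODE must be autofp or workers")
    if conf.get("DETECT_PROFILE") not in ("low", "medium", "high"):
        errors.append("DETECT_PROFILE must be low, medium or high")
    m = re.fullmatch(r"0:(\d+)", conf.get("NF_IPTABLES", ""))
    if not m:
        errors.append("NF_IPTABLES must look like 0:N")
    else:
        # Assumption: a range 0:N means queues 0..N, each needing its own -q.
        expected = [str(i) for i in range(int(m.group(1)) + 1)]
        queues = re.findall(r"-q\s*(\d+)", conf.get("NF_YAML", ""))
        if queues != expected:
            errors.append("NF_YAML queues %s do not match NF_IPTABLES range 0:%s"
                          % (queues, m.group(1)))
    return errors

if __name__ == "__main__":
    for problem in check(parse(SAMPLE)) or ["nsm.conf values are consistent"]:
        print(problem)
```
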