[netflow-tools] softflowd timeouts
Michael W. Lucas
mwlucas at blackhelicopters.org
Mon May 2 22:43:43 EST 2005
I'm looking to adjust the timeouts of softflowd so that I can get
"closer to real-time" detection of port scans, etc. 99.99% of my
flows on this web server farm are short-lived, so it appears that the
TCP timeout of 3600s is a little high.
What sort of negative effects could I expect if I set the TCP timeout
to, say, 300s? Surely something drove setting the TCP timeout to 1
hour?
==ml
--
Michael W. Lucas mwlucas at FreeBSD.org, mwlucas at BlackHelicopters.org
http://www.BlackHelicopters.org/~mwlucas/
Latest book: Cisco Routers for the Desperate
http://www.CiscoRoutersForTheDesperate.com
More information about the netflow-tools
mailing list