[netflow-tools] softflowd timeouts
Michael W. Lucas
mwlucas at blackhelicopters.org
Mon May 2 22:59:42 EST 2005
On Mon, May 02, 2005 at 08:43:43AM -0400, Michael W. Lucas wrote:
> I'm looking to adjust the timeouts of softflowd so that I can get
> "closer to real-time" detection of port scans, etc. 99.99% of my
> flows on this web server farm are short-lived, so it appears that the
> TCP timeout of 3600s is a little high.
>
> What sort of negative effects could I expect if I set the TCP timeout
> to, say, 300s? Surely something drove setting the TCP timeout to 1
> hour?
And sorry to follow up on myself:
Damien said the timeouts are 30min, but on a default install on
FreeBSD I see:
# softflowctl timeouts
softflowd[57604]: Printing timeouts:
TCP timeout: 3600s
TCP post-RST timeout: 120s
TCP post-FIN timeout: 300s
UDP timeout: 300s
ICMP timeout: 300s
General timeout: 3600s
Maximum lifetime: 604800s
Expiry interval: 60s
--
Michael W. Lucas mwlucas at FreeBSD.org, mwlucas at BlackHelicopters.org
http://www.BlackHelicopters.org/~mwlucas/
Latest book: Cisco Routers for the Desperate
http://www.CiscoRoutersForTheDesperate.com
More information about the netflow-tools
mailing list