Suricata 1.4beta1 released

The OISF development team is proud to announce Suricata 1.4beta1. This is the first beta release for the upcoming 1.4 version. It is the result of major effort by the OISF team with significant help from community contributors Ignacio Sanchez and Simon Moon.

Get the new release here: suricata-1.4beta1.tar.gz

New features

– Custom HTTP logging contributed by Ignacio Sanchez (#530)
– TLS certificate logging and fingerprint computation and keyword by Jean-Paul Roliers (#443)
– TLS certificate store to disk feature Jean-Paul Roliers (#444)
– Decoding of IPv4-in-IPv6, IPv6-in-IPv6 and Teredo tunnels (#462, #514, #480)
– AF_PACKET IPS support (#516)
– Rules can be set to inspect only IPv4 or IPv6 (#494)
– filesize keyword for matching on sizes of files in HTTP (#489)
– Delayed detect initialization. Starts processing packets right away and loads detection engine in the background (#522)
– NFQ fail open support (#507)
– Highly experimental lua scripting support for detection


– Live reloads now supports HTTP rule updates better (#522)
– AF_PACKET performance improvements (#197, #415)
– Make defrag more configurable (#517, #528)
– Improve pool performance (#518)
– Improve file inspection keywords by adding a separate API (#531)
– Example threshold.config file provided (#302)


– Fix building of perf profiling code on i386 platform. By Simon Moon (#534)
– Various spelling corrections by Simon Moon (#533)


We’d like to thank the following people and corporations for their contributions and feedback:

Jean-Paul Roliers
Ignacio Sanchez
Michel Saborde
Simon Moon

Known issues & missing features

In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See Issues for an up to date list and to report new issues. See Known issues for a discussion and time line for the major issues.