mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-04-25 22:17:49 +02:00
merge with dev and fix conflicts
This commit is contained in:
@@ -99,7 +99,7 @@ outputs:
|
||||
- eve-log:
|
||||
enabled: yes
|
||||
filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
|
||||
filename: eve.json
|
||||
filename: /nsm/eve.json
|
||||
rotate-interval: day
|
||||
community-id: true
|
||||
community-id-seed: 0
|
||||
@@ -918,7 +918,7 @@ host-mode: auto
|
||||
# If you are using the CUDA pattern matcher (mpm-algo: ac-cuda), different rules
|
||||
# apply. In that case try something like 60000 or more. This is because the CUDA
|
||||
# pattern matcher buffers and scans as many packets as possible in parallel.
|
||||
#max-pending-packets: 1024
|
||||
max-pending-packets: 5000
|
||||
|
||||
# Runmode the engine should use. Please check --list-runmodes to get the available
|
||||
# runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned
|
||||
|
||||
@@ -59,6 +59,12 @@ ruleslink:
|
||||
file.symlink:
|
||||
- name: /opt/so/saltstack/local/salt/suricata/rules
|
||||
- target: /opt/so/rules/nids
|
||||
|
||||
suridatadir:
|
||||
file.directory:
|
||||
- name: /nsm/suricata
|
||||
- user: 940
|
||||
- group: 939
|
||||
|
||||
surirulesync:
|
||||
file.recurse:
|
||||
@@ -124,6 +130,7 @@ so-suricata:
|
||||
- /opt/so/conf/suricata/threshold.conf:/etc/suricata/threshold.conf:ro
|
||||
- /opt/so/conf/suricata/rules:/etc/suricata/rules:ro
|
||||
- /opt/so/log/suricata/:/var/log/suricata/:rw
|
||||
- /nsm/suricata/:/nsm/:rw
|
||||
- /opt/so/conf/suricata/bpf:/etc/suricata/bpf:ro
|
||||
- network_mode: host
|
||||
- watch:
|
||||
|
||||
Reference in New Issue
Block a user