CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move Suricata around

Browse Source
This commit is contained in:
Mike Reeves
2024-03-06 10:35:10 -05:00
parent f836d6a61d
commit 4dfa1a5626
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/suricata/defaults.yaml
View File

@@ -1,5 +1,8 @@
suricata: suricata:
enabled: False enabled: False
pcap:
filesize: 1000mb
maxsize: 25
config: config:
threading: threading:
set-cpu-affinity: "no" set-cpu-affinity: "no"
@@ -132,9 +135,7 @@ suricata:
lz4-checksum: "no" lz4-checksum: "no"
lz4-level: 8 lz4-level: 8
filename: "%n/so-pcap.%t" filename: "%n/so-pcap.%t"
limit: "1000mb"
mode: "multi" mode: "multi"
max-files: 10
use-stream-depth: "no" use-stream-depth: "no"
conditional: "all" conditional: "all"
dir: "/nsm/suripcap" dir: "/nsm/suripcap"

8
salt/suricata/soc_suricata.yaml
View File

@@ -19,6 +19,14 @@ suricata:
multiline: True multiline: True
title: Classifications title: Classifications
helpLink: suricata.html helpLink: suricata.html
pcap:
filesize:
description: Max file size for individual PCAP files written by Suricata. Increasing this number could improve write performance at the expense of pcap retrieval times.
advanced: True
helplink: suricata.html
maxsize:
description: Size in GB for total usage size of PCAP on disk.
helplink: suricata.html
config: config:
af-packet: af-packet:
interface: interface: