Suricata Module - Modify default meta data collection

2025-12-06 17:22:49 +01:00 · 2018-09-27 12:35:59 -04:00
parent ae181540f7
commit 51db158b2d
1 changed files with 6 additions and 6 deletions
--- a/salt/suricata/files/suricata.yaml
+++ b/salt/suricata/files/suricata.yaml
@@ -54,12 +54,12 @@ vars:
 ## Step 2: select the rules to enable or disable
 ##

-default-rule-path: /usr/local/etc/suricata/rules
+default-rule-path: /etc/suricata/rules
 rule-files:
 - all.rules

-classification-file: /usr/local/etc/suricata/classification.config
-reference-config-file: /usr/local/etc/suricata/reference.config
+classification-file: /etc/suricata/classification.config
+reference-config-file: /etc/suricata/reference.config
 # threshold-file: /usr/local/etc/suricata/threshold.config


@@ -70,7 +70,7 @@ reference-config-file: /usr/local/etc/suricata/reference.config
 # The default logging directory.  Any log or output file will be
 # placed here if its not specified with a full path name. This can be
 # overridden with the -l command line parameter.
-default-log-dir: /usr/local/var/log/suricata/
+default-log-dir: /var/log/suricata/

 # global stats configuration
 stats:
@@ -123,8 +123,8 @@ outputs:
            # http-body: yes           # enable dumping of http body in Base64
            # http-body-printable: yes # enable dumping of http body in printable format
            metadata:
-              app-layer: true
-              flow: true
+              app-layer: false
+              flow: false
              rule:
                metadata: true
                raw: true