adjust logging options

2025-12-09 02:32:46 +01:00 · 2018-11-03 15:17:38 +00:00
parent a531dd6e52
commit 61802f7d62
1 changed files with 15 additions and 14 deletions
--- a/salt/suricata/files/suricata.yaml
+++ b/salt/suricata/files/suricata.yaml
@@ -93,6 +93,7 @@ outputs:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: eve.json
+      rotate-interval: day
      #prefix: "@cee: " # prefix to prepend to each log entry
      # the following are valid when type: syslog above
      #identity: "suricata"
@@ -150,29 +151,29 @@ outputs:
              # than one IP address is present, the last IP address will be the
              # one taken into consideration.
              header: X-Forwarded-For
-        - http:
-            extended: no     # enable this for extended logging information
+        #- http:
+        #    extended: no     # enable this for extended logging information
            # custom allows additional http fields to be included in eve-log
            # the example below adds three additional fields when uncommented
            #custom: [Accept-Encoding, Accept-Language, Authorization]
-        - dns:
+        #- dns:
            # control logging of queries and answers
            # default yes, no to disable
-            query: no     # enable logging of DNS queries
-            answer: no    # enable logging of DNS answers
+        #    query: no     # enable logging of DNS queries
+        #    answer: no    # enable logging of DNS answers
            # control which RR types are logged
            # all enabled if custom not specified
            #custom: [a, aaaa, cname, mx, ns, ptr, txt]
-        - tls:
-            extended: no     # enable this for extended logging information
+        #- tls:
+        #    extended: no     # enable this for extended logging information
            # output TLS transaction where the session is resumed using a
            # session id
            #session-resumption: no
            # custom allows to control which tls fields that are included
            # in eve-log
            #custom: [subject, issuer, session_resumed, serial, fingerprint, sni, version, not_before, not_after, certificate, chain]
-        - files:
-            force-magic: no   # force logging magic on all logged files
+        #- files:
+        #    force-magic: no   # force logging magic on all logged files
            # force logging of checksums, available hash functions are md5,
            # sha1 and sha256
            #force-hash: [md5]
@@ -180,7 +181,7 @@ outputs:
        #    alerts: yes      # log alerts that caused drops
        #    flows: all       # start or all: 'start' logs only a single drop
        #                     # per flow direction. All logs each dropped pkt.
-        - smtp:
+        #- smtp:
            #extended: yes # enable this for extended logging information
            # this includes: bcc, message-id, subject, x_mailer, user-agent
            # custom fields logging from the list:
@@ -196,10 +197,10 @@ outputs:
        #- dnp3
        #- nfs
        #- ssh:
-        - stats:
-            totals: yes       # stats for all threads merged together
-            threads: no       # per thread stats
-            deltas: no        # include delta values
+        #- stats:
+        #    totals: yes       # stats for all threads merged together
+        #    threads: no       # per thread stats
+        #    deltas: no        # include delta values
        # bi-directional flows
        #- flow:
        # uni-directional flows