From 61802f7d624c59db10073a1da69046178bd4e005 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Sat, 3 Nov 2018 15:17:38 +0000
Subject: [PATCH] adjust logging options

---
 salt/suricata/files/suricata.yaml | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/salt/suricata/files/suricata.yaml b/salt/suricata/files/suricata.yaml
index 5a6c3ed72..5b9788620 100644
--- a/salt/suricata/files/suricata.yaml
+++ b/salt/suricata/files/suricata.yaml
@@ -93,6 +93,7 @@ outputs:
       enabled: yes
       filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
       filename: eve.json
+      rotate-interval: day
       #prefix: "@cee: " # prefix to prepend to each log entry
       # the following are valid when type: syslog above
       #identity: "suricata"
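Review bot: `rotate-interval: day` is added next to a fixed `filename: eve.json` with `filetype: regular`; as far as I recall, Suricata's interval rotation simply re-opens the configured path at the boundary, so without a strftime template in the name (e.g. `filename: eve-%Y-%m-%d.json`) this does not by itself produce a separate daily file — please confirm against the Suricata release this state targets. If the actual rotation is expected to be done externally (logrotate plus SIGHUP, as Security Onion has historically done), say so in the file so a later maintainer does not stack a second mechanism on top, e.g. `# rotate-interval only re-opens eve.json daily; external rotation of the previous file is still required`. Either way, a comment on the new line stating which process owns rotation would resolve the ambiguity.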
@@ -150,29 +151,29 @@ outputs:
               # than one IP address is present, the last IP address will be the
               # one taken into consideration.
               header: X-Forwarded-For
-        - http:
-            extended: no # enable this for extended logging information
+        #- http:
+        #    extended: no # enable this for extended logging information
             # custom allows additional http fields to be included in eve-log
             # the example below adds three additional fields when uncommented
             #custom: [Accept-Encoding, Accept-Language, Authorization]
-        - dns:
+        #- dns:
             # control logging of queries and answers
             # default yes, no to disable
-            query: no # enable logging of DNS queries
-            answer: no # enable logging of DNS answers
+        #    query: no # enable logging of DNS queries
+        #    answer: no # enable logging of DNS answers
             # control which RR types are logged
             # all enabled if custom not specified
             #custom: [a, aaaa, cname, mx, ns, ptr, txt]
-        - tls:
-            extended: no # enable this for extended logging information
+        #- tls:
+        #    extended: no # enable this for extended logging information
             # output TLS transaction where the session is resumed using a
             # session id
             #session-resumption: no
             # custom allows to control which tls fields that are included
             # in eve-log
             #custom: [subject, issuer, session_resumed, serial, fingerprint, sni, version, not_before, not_after, certificate, chain]
-        - files:
-            force-magic: no # force logging magic on all logged files
+        #- files:
+        #    force-magic: no # force logging magic on all logged files
             # force logging of checksums, available hash functions are md5,
             # sha1 and sha256
             #force-hash: [md5]
@@ -180,7 +181,7 @@ outputs:
         #    alerts: yes # log alerts that caused drops
         #    flows: all # start or all: 'start' logs only a single drop
         #                # per flow direction. All logs each dropped pkt.
-        - smtp:
+        #- smtp:
             #extended: yes # enable this for extended logging information
             # this includes: bcc, message-id, subject, x_mailer, user-agent
             # custom fields logging from the list:
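Review bot: Commenting out the `http`, `dns`, `tls` and `files` EVE types removes every protocol transaction record from eve.json, so only alert events (and whatever types remain outside this hunk) will be written; the file gives no hint why, and the next maintainer will likely re-enable them. If the intent is that Security Onion obtains this metadata from Bro/Zeek, record that at the top of the disabled run, e.g. `# protocol transaction logs (http/dns/tls/files/smtp) are intentionally disabled; this metadata comes from Bro` above `#- http:`. Note also that `- files:` was the only place in this hunk where `fileinfo` records and `#force-hash` could be turned on, so any detection or hunting that depended on EVE file hashes silently loses its data source — worth confirming nothing downstream consumes them. The enclosing `types:` list begins above this hunk.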
@@ -196,10 +197,10 @@ outputs:
         #- dnp3
         #- nfs
         #- ssh:
-        - stats:
-            totals: yes # stats for all threads merged together
-            threads: no # per thread stats
-            deltas: no # include delta values
+        #- stats:
+        #    totals: yes # stats for all threads merged together
+        #    threads: no # per thread stats
+        #    deltas: no # include delta values
         # bi-directional flows
         #- flow:
         # uni-directional flows
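Review bot: Disabling the `stats` EVE type drops the periodic capture counters (e.g. `capture.kernel_packets` / `capture.kernel_drops`) from eve.json, and those counters are the primary signal that the sensor is dropping packets — traffic that is never inspected and therefore never alerted on. That is acceptable only if the separate `- stats:` output (stats.log) stays enabled or the counters are collected some other way; that stanza is outside this hunk, so please verify it was not disabled in the same change. A one-line comment such as `# stats are emitted via stats.log rather than eve.json` above `#- stats:` would make the intent explicit.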