Merge pull request #10427 from Security-Onion-Solutions/issue/10229

Issue/10229

salt/suricata/defaults.yaml

@@ -2,28 +2,24 @@ suricata:
   enabled: False
   config:
     threading:
-        set-cpu-affinity: 'no'
-        detect-thread-ratio: 1.0
-        cpu-affinity:
-            - management-cpu-set:
-                cpu: []
-            - receive-cpu-set:
-                cpu: []
-            - worker-cpu-set:
-                cpu: []
-                mode: exclusive
-                threads: 1
-                prio:
-                    default: high
+      set-cpu-affinity: "no"
+      cpu-affinity:
+        - management-cpu-set:
+            cpu: []
+        - worker-cpu-set:
+            cpu: []
+            mode: exclusive
+            prio:
+              default: high
     af-packet:
-        interface: bond0
-        cluster-id: 59
-        cluster-type: cluster_flow
-        defrag: true
-        use-mmap: true
-        threads: 1
-        tpacket-v3: true
-        ring-size: 5000
+      interface: bond0
+      cluster-id: 59
+      cluster-type: cluster_flow
+      defrag: "yes"
+      use-mmap: "yes"
+      threads: 1
+      tpacket-v3: "yes"
+      ring-size: 5000
     vars:
       address-groups:
         HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
@@ -69,11 +65,6 @@ suricata:
         pcap-file: false
         community-id: true
         community-id-seed: 0
-        xff:
-          enabled: "no"
-          mode: extra-data
-          deployment: reverse
-          header: X-Forwarded-For
         types:
           - alert:
               payload: "no"
@@ -87,6 +78,11 @@ suricata:
                   metadata: true
                   raw: true
               tagged-packets: "no"
+              xff:
+                enabled: "no"
+                mode: extra-data
+                deployment: reverse
+                header: X-Forwarded-For
       unified2-alert:
         enabled: "no"
       http-log: