Modify Suricata defaults

2025-12-08 10:12:53 +01:00 · 2022-09-13 11:29:31 -04:00
parent 74d991da45
commit a32ff6f403
1 changed files with 86 additions and 101 deletions
--- a/salt/suricata/defaults.yaml
+++ b/salt/suricata/defaults.yaml
@@ -33,11 +33,11 @@ suricata:
      enabled: "yes"
      interval: 30
    outputs:
-      - fast:
+      fast:
        enabled: "no"
        filename: fast.log
        append: "yes"
-      - eve-log:
+      eve-log:
        enabled: "yes"
        filetype: regular
        filename: /nsm/eve-%Y-%m-%d-%H:%M.json
@@ -63,50 +63,49 @@ suricata:
                  metadata: true
                  raw: true
              tagged-packets: "no"
-      - unified2-alert:
+      unified2-alert:
        enabled: "no"
-      - http-log:
+      http-log:
        enabled: "no"
        filename: http.log
        append: "yes"
-      - tls-log:
+      tls-log:
        enabled: "no"
        filename: tls.log
        append: "yes"
-      - tls-store:
+      tls-store:
        enabled: "no"
-      - pcap-log:
+      pcap-log:
        enabled: "no"
        filename: log.pcap
        limit: 1000mb
        max-files: 2000
        compression: none
          mode: normal
        use-stream-depth: "no"
        honor-pass-rules: "no"
-      - alert-debug:
+      alert-debug:
        enabled: "no"
        filename: alert-debug.log
        append: "yes"
-      - alert-prelude:
+      alert-prelude:
        enabled: "no"
        profile: suricata
        log-packet-content: "no"
        log-packet-header: "yes"
-      - stats:
+      stats:
        enabled: "yes"
        filename: stats.log
        append: "yes"
        totals: "yes"
        threads: "no"
        null-values: "yes"
-      - syslog:
+      syslog:
        enabled: "no"
        facility: local5
-      - drop:
+      drop:
        enabled: "no"
-      - file-store:
+      file-store:
        version: 2
        enabled: "no"
        xff:
@@ -114,15 +113,15 @@ suricata:
          mode: extra-data
          deployment: reverse
          header: X-Forwarded-For
-      - tcp-data:
+      tcp-data:
        enabled: "no"
        type: file
        filename: tcp-data.log
-      - http-body-data:
+      http-body-data:
          enabled: "no"
          type: file
          filename: http-data.log
-      - lua:
+      lua:
        enabled: "no"
        scripts:
    logging:
@@ -398,24 +397,10 @@ suricata:
        enabled: "no"
        filename: lock_stats.log
        append: "yes"    
      pcap-log:
        enabled: "no"
        filename: pcaplog_stats.log
        append: "yes"
    nfq:
    nflog:
      - group: 2
        buffer-size: 18432
      - group: default
        qthreshold: 1
        qtimeout: 100
        max-size: 20000
    capture:
    netmap:
     - interface: eth2
     - interface: default
    ipfw:
    default-rule-path: /etc/suricata/rules
    rule-files:
      - all.rules