From da1cac0d53e00e2f667a3d09c4f8249b3da021a4 Mon Sep 17 00:00:00 2001
From: Josh Patterson <josh.patterson@securityonionsolutions.com>
Date: Thu, 6 Nov 2025 16:32:55 -0500
Subject: [PATCH] tls-log, http-log and syslog outputs deprecated
 https://github.com/Security-Onion-Solutions/securityonion/issues/15203

---
 salt/suricata/defaults.yaml | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/salt/suricata/defaults.yaml b/salt/suricata/defaults.yaml
index 88435a70a..e1b68e9d1 100644
--- a/salt/suricata/defaults.yaml
+++ b/salt/suricata/defaults.yaml
@@ -134,14 +134,6 @@ suricata:
               header: X-Forwarded-For
       unified2-alert:
         enabled: "no"
-      http-log:
-        enabled: "no"
-        filename: http.log
-        append: "yes"
-      tls-log:
-        enabled: "no"
-        filename: tls.log
-        append: "yes"
       tls-store:
         enabled: "no"
       pcap-log:
@@ -157,9 +149,6 @@ suricata:
         totals: "yes"
         threads: "no"
         null-values: "yes"
-      syslog:
-        enabled: "no"
-        facility: local5
       drop:
         enabled: "no"
       file-store:
@@ -463,3 +452,6 @@ suricata:
     classification-file: /etc/suricata/classification.config
     reference-config-file: /etc/suricata/reference.config
     threshold-file: /etc/suricata/threshold.conf
+
+
+# ENABLE for