From e78a3f32780b0c8c6c5093a5161479b881a92621 Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Wed, 27 May 2020 16:59:26 +0000
Subject: [PATCH] update Suricata config

---
 salt/suricata/files/suricata.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/suricata/files/suricata.yaml b/salt/suricata/files/suricata.yaml
index 5a0121b63..65465806f 100644
--- a/salt/suricata/files/suricata.yaml
+++ b/salt/suricata/files/suricata.yaml
@@ -99,7 +99,7 @@ outputs:
   - eve-log:
       enabled: yes
       filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
-      filename: eve.json
+      filename: /nsm/eve.json
       rotate-interval: day
       community-id: true
       community-id-seed: 0
@@ -918,7 +918,7 @@ host-mode: auto
 # If you are using the CUDA pattern matcher (mpm-algo: ac-cuda), different rules
 # apply. In that case try something like 60000 or more. This is because the CUDA
 # pattern matcher buffers and scans as many packets as possible in parallel.
-#max-pending-packets: 1024
+max-pending-packets: 5000
 
 # Runmode the engine should use. Please check --list-runmodes to get the available
 # runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned