CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

update Suricata config

Browse Source
This commit is contained in:
Wes Lambert
2020-05-27 16:59:26 +00:00
parent b7a0f79038
commit e78a3f3278
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/suricata/files/suricata.yaml
View File

@@ -99,7 +99,7 @@ outputs:
- eve-log: - eve-log:
enabled: yes enabled: yes
filetype: regular #regular|syslog|unix_dgram|unix_stream|redis filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
filename: eve.json filename: /nsm/eve.json
rotate-interval: day rotate-interval: day
community-id: true community-id: true
community-id-seed: 0 community-id-seed: 0
@@ -918,7 +918,7 @@ host-mode: auto
# If you are using the CUDA pattern matcher (mpm-algo: ac-cuda), different rules # If you are using the CUDA pattern matcher (mpm-algo: ac-cuda), different rules
# apply. In that case try something like 60000 or more. This is because the CUDA # apply. In that case try something like 60000 or more. This is because the CUDA
# pattern matcher buffers and scans as many packets as possible in parallel. # pattern matcher buffers and scans as many packets as possible in parallel.
#max-pending-packets: 1024 max-pending-packets: 5000
# Runmode the engine should use. Please check --list-runmodes to get the available # Runmode the engine should use. Please check --list-runmodes to get the available
# runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned # runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned