suricata: config: outputs: - file-store: version: 2 enabled: "yes" dir: /nsm/extracted #write-fileinfo: "yes" #force-filestore: "yes" stream-depth: 0 #max-open-files: 1000 #force-hash: [sha1, md5] xff: enabled: "no" mode: extra-data deployment: reverse header: X-Forwarded-For - eve-log: types: - anomaly: enabled: "no" types: decode: "no" stream: "no" applayer: "yes" packethdr: "no" - http: extended: "yes" #custom: [Accept-Encoding, Accept-Language, Authorization] # dump-all-headers: none - dns: version: 2 enabled: "yes" #requests: "no" #responses: "no" formats: [grouped] #types: [a, aaaa, cname, mx, ns, ptr, txt] - tls: extended: "yes" #session-resumption: "no" #custom: [subject, issuer, session_resumed, serial, fingerprint, sni, version, not_before, not_after, certificate, chain, ja3, ja3s] - files: force-magic: "yes" force-hash: [md5,sha1] #- drop: # alerts: "yes" # flows: all - smtp: extended: "yes" #custom: [received, x-mailer, x-originating-ip, relays, reply-to, bcc] #md5: [body, subject] - dnp3 - ftp - rdp - nfs - smb - tftp - ikev2 - krb5 - snmp - sip - dhcp: enabled: "yes" extended: "yes" - ssh #- stats: # totals: "yes" # threads: "no" # deltas: "no" - flow #- netflow #- metadata