suricata:
  config:
    outputs:
      - eve-log:
          types:
            - anomaly:
                enabled: "no"
                types:
                   decode: "no"
                   stream: "no"
                   applayer: "yes"
                packethdr: "no"
            - http:
                extended: "yes"
                #custom: [Accept-Encoding, Accept-Language, Authorization]
                # dump-all-headers: none
            - dns:
                version: 2
                enabled: "yes"
                #requests: "no"
                #responses: "no"
                #formats: [detailed, grouped]
                #types: [a, aaaa, cname, mx, ns, ptr, txt]
            - tls:
                extended: "yes"
                #session-resumption: "no"
                #custom: [subject, issuer, session_resumed, serial, fingerprint, sni, version, not_before, not_after, certificate, chain, ja3, ja3s]
            - files:
                force-magic: "no"
                #force-hash: [md5]
            #- drop:
            #    alerts: "yes"
            #    flows: all
            - smtp:
                extended: "yes"
                #custom: [received, x-mailer, x-originating-ip, relays, reply-to, bcc]
                #md5: [body, subject]
            - dnp3
            - ftp
            - rdp
            - nfs
            - smb
            - tftp
            - ikev2
            - krb5
            - snmp
            - sip
            - dhcp:
                enabled: "yes"
            #    extended: "no"
            - ssh
            #- stats:
            #    totals: "yes"
            #    threads: "no"
            #    deltas: "no"
            - flow
            #- netflow
            #- metadata