suricata:
  config:
    vars:
      address-groups:
        HOME_NET:
          description: List of hosts or networks.
        EXTERNAL_NET:
          description: List of hosts or networks.
        HTTP_SERVERS:
          description: List of hosts or networks.
        SMTP_SERVERS:
          description: List of hosts or networks.
        SQL_SERVERS:
          description: List of hosts or networks.
        DNS_SERVERS:
          description: List of hosts or networks.
        TELNET_SERVERS:
          description: List of hosts or networks.
        AIM_SERVERS:
          description: List of hosts or networks.
        DC_SERVERS:
          description: List of hosts or networks.
        DNP3_SERVER:
          description: List of hosts or networks.
        DNP3_CLIENT:
          description: List of hosts or networks.
        MODBUS_CLIENT:
          description: List of hosts or networks.
        MODBUS_SERVER:
          description: List of hosts or networks.
        ENIP_CLIENT:
          description: List of hosts or networks.
        ENIP_SERVER:
          description: List of hosts or networks.
      port-groups:
        HTTP_PORTS:
          description: List of HTTP ports to look for HTTP traffic on.
        SHELLCODE_PORTS:
          description: List of SHELLCODE ports to look for SHELLCODE traffic on.
        ORACLE_PORTS:
          description: List of ORACLE ports to look for ORACLE traffic on.
        SSH_PORTS:
          description: List of SSH ports to look for SSH traffic on.
        DNP3_PORTS:
          description: List of DNP3 ports to look for DNP3 traffic on.
        MODBUS_PORTS:
          description: List of MODBUS ports to look for MODBUS traffic on.
        FILE_DATA_PORTS:
          description: List of FILE_DATA ports to look for FILE_DATA traffic on.
        FTP_PORTS:
          description: List of FTP ports to look for FTP traffic on.
        VXLAN_PORTS:
          description: List of VXLAN ports to look for VXLAN traffic on.
        TEREDO_PORTS:
          description: List of TEREDO ports to look for TEREDO traffic on.
    outputs:
      eve-log:
        xff:
          enabled:
            description: Enable X-Forwarded-For support.
          mode:
            description: Operation mode. This should always be extra-data if you use PCAP.
          deployment:
            description: forward would use the first IP address and reverse would use the last.
          header:
            description: Header name where the actual IP address will be reported.
    asn1-max-frames:
      description: Maximum number of asn1 frames to decode.
    max-pending-packets:
      description: Number of packets preallocated per thread.
    default-packet-size:
      description: Preallocated size for each packet.
    pcre:
      match-limit:
        description: Match limit for PCRE.
      match-limit-recursion:
        description: Recursion limit for PCRE.
    defrag:
      memcap:
        description: Max memory to use for defrag. You should only change this if you know what you are doing.
      hash-size:
        description: Hash size
      trackers:
        description: Number of defragmented flows to follow.
      max-frags:
        description: Max number of fragments to keep
      prealloc:
        description: Preallocate memory.
      timeout:
        description: Timeout value.
    flow:
      memcap:
        description: Reserved memory for flows.
      hash-size:
        description: Determines the size of the hash used to identify flows inside the engine.
      prealloc:
        description: Number of preallocated flows.
    stream:
      memcap:
        description: Can be specified in kb,mb,gb.
      checksum-validation:
        description: Validate checksum of packets.
      reassembly:
        memcap:
          description: Can be specified in kb,mb,gb.
    host:
      hash-size:
        description: Hash size in bytes.
      prealloc:
        description: How many streams to preallocate.
      memcap:
        description: Memory settings for host.
    decoder:
      teredo:
        enabled:
          description: Enable TEREDO capabilities
        ports:
          description: Ports to listen for. This should be a variable.
      vxlan:
        enabled:
          description: Enable VXLAN capabilities.
        ports:
          description: Ports to listen for. This should be a variable.