mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-04-26 22:47:49 +02:00
Mike Reeves
33 lines
1.2 KiB
YAML
33 lines
1.2 KiB
YAML
zeek:
|
|
logging:
|
|
enabled:
|
|
description: This is a list of zeek logs that will be shipped through the pipeline. If you remove a log from this list it will still persist on the sensor.
|
|
config:
|
|
node:
|
|
lb_procs:
|
|
description: This is the amount of CPUs to use for Zeek. This setting is ignored if you are using pins.
|
|
node: True
|
|
zeek_pins_enabled:
|
|
description:
|
|
node: True
|
|
zeek_pins:
|
|
description: List of CPUs you want to
|
|
node: True
|
|
zeekctl:
|
|
CompressLogs:
|
|
description: Enable compression of zeek logs. If you are seeing packet loss at the top of the hour in zeek or pcap you might need to set this to 0. This will use more disk space but save IO and CPU.
|
|
policy:
|
|
custom:
|
|
filters:
|
|
conn:
|
|
description: Conn Filter for Zeek. This is an advanced setting and will take further action to enable.
|
|
file: True
|
|
global: True
|
|
advanced: True
|
|
file_extraction:
|
|
description: This is a list of mime types Zeek will extract from the network streams.
|
|
load:
|
|
description: List of Zeek policies to load
|
|
load-sigs:
|
|
description: List of Zeek signatures to load
|
|
|