setup: Drop /etc/environment
index 672a306966d1e644cca3fa74c386e5ce61a78ad1..3fc11c70449ae780a4e637f568d8ace2fd8fc4a5 100644 (file)
@@ -1,7 +1,7 @@
 %YAML 1.1
 ---
 # Suricata Emergingthreats Pro Open Rulesets Recommended
-reference-config-file: /etc/suricata/reference.config
+reference-config-file: /etc/suricata/rules/reference.config
 
 # Number of packets allowed to be processed simultaneously.  Default is a
 # conservative 50. a higher number will make sure CPU's/CPU cores will be
@@ -39,24 +39,21 @@ outputs:
       enabled: no
       filename: unified.log
 
-      # Limit in MB.
-      #limit: 32
+      #limit: 32mb
 
   # alert output for use with Barnyard
   - unified-alert:
       enabled: no
       filename: unified.alert
 
-      # Limit in MB.
-      #limit: 32
+      #limit: 32mb
 
   # alert output for use with Barnyard2
   - unified2-alert:
       enabled: no
       filename: unified2.alert
 
-      # Limit in MB.
-      #limit: 32
+      #limit: 32mb
 
   # a line based log of HTTP requests (no alerts)
   - http-log:
@@ -255,6 +252,7 @@ flow-timeouts:
 stream:
   memcap: 33554432
   checksum_validation: yes
+  inline: yes
   reassembly:
     memcap: 67108864
     depth: 1048576
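Review bot: The added `inline: yes` switches the stream engine's behaviour but carries no comment tying it to the nfq capture this same commit configures; a line such as `# inline: run the stream engine in IPS mode, matching the nfq block below` would tell the next reader why it is here rather than leaving them to grep. With inline mode on, `checksum_validation: yes` two lines above deserves a second look: as far as I recall, packets that fail validation are not handled by the stream engine, so on an interface with checksum offload enabled this can leave traffic uninspected while appearing to be in IPS mode — worth verifying on the deployment path. `yes` is fine as a boolean here because the file pins `%YAML 1.1`. The `stream:` block continues past the end of the hunk.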
@@ -295,6 +293,15 @@ logging:
       enabled: no
       facility: local5
       format: "[%i] <%d> -- "
+  - drop:
+      enabled: yes
+      filename: drop.log
+      append: yes
+
+nfq:
+      mode: repeat
+      repeat_mark: 1
+      repeat_mask: 1
 
 # PF_RING configuration. for use with native PF_RING support
 # for more info see http://www.ntop.org/PF_RING.html
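Review bot: The new `- drop:` entry lands in the list under `logging:` (the hunk's context is the syslog entry with `facility: local5`), yet the drop log is an event output that belongs in the top-level `outputs:` list alongside `unified2-alert` and `http-log`; placed under the engine-logging section I would expect it to be ignored, leaving no record of what the IPS actually blocked. If that reading is right, move the three lines (`- drop:` / `enabled: yes` / `filename: drop.log` / `append: yes`) into `outputs:`. The `nfq:` block is indented six spaces while the rest of the file uses two (`stream:` / `  memcap:`); write it as `nfq:` / `  mode: repeat` / `  repeat_mark: 1` / `  repeat_mask: 1`. Because repeat mode re-injects packets carrying the mark, a comment like `# repeat mode: the firewall ruleset must not re-queue packets already marked 1/1, or they loop` would help whoever wires up the packet-filter side.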
@@ -388,7 +395,7 @@ rule-files:
 # - emerging-tor.rules
 # - emerging-mobile_malware.rules
 
-classification-file: /etc/suricata/classification.config
+classification-file: /etc/suricata/rules/classification.config
 
 # Holds variables that would be used by the engine.
 vars: