%YAML 1.1
---
# Suricata Emergingthreats Pro Open Rulesets Recommended
-reference-config-file: /etc/suricata/reference.config
+reference-config-file: /etc/suricata/rules/reference.config
# Number of packets allowed to be processed simultaneously. Default is a
# conservative 50. a higher number will make sure CPU's/CPU cores will be
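Review bot: `reference-config-file` now points into `/etc/suricata/rules/`, and the `classification-file` hunk further down makes the same move. If that directory is the one the ruleset updater writes to, both files are replaced by whatever each download ships, and a missing or altered file changes how rules load and how alerts are classified. I would keep the directory writable only by the updater account, verify the ruleset archive before unpacking it, and say so in place with a comment such as `# supplied by the ET ruleset; overwritten on every rule update`.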
enabled: no
filename: unified.log
- # Limit in MB.
- #limit: 32
+ #limit: 32mb
# alert output for use with Barnyard
- unified-alert:
enabled: no
filename: unified.alert
- # Limit in MB.
- #limit: 32
+ #limit: 32mb
# alert output for use with Barnyard2
- unified2-alert:
enabled: no
filename: unified2.alert
- # Limit in MB.
- #limit: 32
+ #limit: 32mb
# a line based log of HTTP requests (no alerts)
- http-log:
stream:
memcap: 33554432
checksum_validation: yes
+ inline: yes
reassembly:
memcap: 67108864
depth: 1048576
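Review bot: `inline: yes` is added under `stream:` while `memcap: 33554432`, the reassembly `memcap: 67108864` and `depth: 1048576` keep their earlier values, so limits sized for passive monitoring now bound what an inline engine inspects. Data beyond the reassembly depth of a flow is no longer reassembled for detection. Once a memcap is reached, new sessions are presumably not tracked, which in IPS mode would mean either an inspection gap or dropped traffic depending on the Suricata version; this should be confirmed for the deployed release. I would size both memcaps for the expected number of concurrent flows and record the trade-off above the key, e.g. `# inline (IPS): stream data past reassembly.depth is not inspected`. The `stream:` block may continue outside the lines shown.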
enabled: no
facility: local5
format: "[%i] <%d> -- "
+ - drop:
+ enabled: yes
+ filename: drop.log
+ append: yes
+
+nfq:
+ mode: repeat
+ repeat_mark: 1
+ repeat_mask: 1
# PF_RING configuration. for use with native PF_RING support
# for more info see http://www.ntop.org/PF_RING.html
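Review bot: The added `nfq:` block sets `mode: repeat` with `repeat_mark: 1` / `repeat_mask: 1`, which is only safe when the firewall rule that queues traffic excludes packets already carrying that mark, and nothing in this change documents that dependency. Without the exclusion a reinjected packet is queued again, and if any other component sets bit 0x1 of the packet mark, that traffic skips the queue and is never inspected. I would add a comment above `mode:` such as `# NFQUEUE rule must match '-m mark ! --mark 1/1'; nfmark bit 0x1 is reserved for Suricata`. The new `drop` output also uses `append: yes` with no size limit visible here, so `drop.log` should be covered by log rotation.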
# - emerging-tor.rules
# - emerging-mobile_malware.rules
-classification-file: /etc/suricata/classification.config
+classification-file: /etc/suricata/rules/classification.config
# Holds variables that would be used by the engine.
vars: