--- /dev/null
+%YAML 1.1
+---
+
+stats:
+ enabled: yes
+ # The interval field (in seconds) controls at what interval
+ # the loggers are invoked.
+ interval: 8
+
+# Configure the type of alert (and other) logging you would like.
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - alert:
+ # payload: yes # enable dumping payload in Base64
+ # payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
+ # payload-printable: yes # enable dumping payload in printable (lossy) format
+ # packet: yes # enable dumping of packet (without stream segments)
+ # http: yes # enable dumping of http fields
+ # tls: yes # enable dumping of tls fields
+ # ssh: yes # enable dumping of ssh fields
+ # smtp: yes # enable dumping of smtp fields
+
+ # HTTP X-Forwarded-For support by adding an extra field or overwriting
+ # the source or destination IP address (depending on flow direction)
+ # with the one reported in the X-Forwarded-For HTTP header. This is
+ # helpful when reviewing alerts for traffic that is being reverse
+ # or forward proxied.
+ xff:
+ enabled: no
+ # Two operation modes are available, "extra-data" and "overwrite".
+ mode: extra-data
+ # Two proxy deployments are supported, "reverse" and "forward". In
+ # a "reverse" deployment the IP address used is the last one, in a
+ # "forward" deployment the first IP address is used.
+ deployment: reverse
+ # Header name where the actual IP address will be reported, if more
+ # than one IP address is present, the last IP address will be the
+ # one taken into consideration.
+ header: X-Forwarded-For
+ - http:
+ extended: yes # enable this for extended logging information
+ # custom allows additional http fields to be included in eve-log
+ # the example below adds three additional fields when uncommented
+ #custom: [Accept-Encoding, Accept-Language, Authorization]
+ - dns:
+ version: 2
+ - tls:
+ extended: yes # enable this for extended logging information
+ - files:
+ force-magic: no # force logging magic on all logged files
+ force-md5: no # force logging of md5 checksums
+ #- drop:
+ # alerts: no # log alerts that caused drops
+ - smtp:
+ #extended: yes # enable this for extended logging information
+ # this includes: bcc, message-id, subject, x_mailer, user-agent
+ # custom fields logging from the list:
+ # reply-to, bcc, message-id, subject, x-mailer, user-agent, received,
+ # x-originating-ip, in-reply-to, references, importance, priority,
+ # sensitivity, organization, content-md5, date
+ #custom: [received, x-mailer, x-originating-ip, relays, reply-to, bcc]
+ # output md5 of fields: body, subject
+ # for the body you need to set app-layer.protocols.smtp.mime.body-md5
+ # to yes
+ #md5: [body, subject]
+
+ - ssh
+ # - stats:
+ # totals: yes # stats for all threads merged together
+ # threads: no # per thread stats
+ # deltas: no # include delta values
+ # bi-directional flows
+ #- flow
+ # uni-directional flows
+ #- netflow
+
projects / thirdparty / suricata-verify.git / commitdiff
