yaml: move logging up

diff --git a/suricata.yaml.in b/suricata.yaml.in
index c750d27df073c476ef2a54737591add7e42ce5dc..4d24174ad38b54c31134b115e0195de4ff0d8a70 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -103,6 +103,50 @@ rule-files:
 # - modbus-events.rules  # available in suricata sources under rules dir
 # - app-layer-events.rules  # available in suricata sources under rules dir
 
+##
+## Step 3: select outputs to enable
+##
+
+# Logging configuration.  This is not about logging IDS alerts, but
+# output about what Suricata is doing, like startup messages, errors, etc.
+logging:
+  # The default log level, can be overridden in an output section.
+  # Note that debug level logging will only be emitted if Suricata was
+  # compiled with the --enable-debug configure option.
+  #
+  # This value is overriden by the SC_LOG_LEVEL env var.
+  default-log-level: notice
+
+  # The default output format.  Optional parameter, should default to
+  # something reasonable if not provided.  Can be overriden in an
+  # output section.  You can leave this out to get the default.
+  #
+  # This value is overriden by the SC_LOG_FORMAT env var.
+  #default-log-format: "[%i] %t - (%f:%l) <%d> (%n) -- "
+
+  # A regex to filter output.  Can be overridden in an output section.
+  # Defaults to empty (no filter).
+  #
+  # This value is overriden by the SC_LOG_OP_FILTER env var.
+  default-output-filter:
+
+  # Define your logging outputs.  If none are defined, or they are all
+  # disabled you will get the default - console output.
+  outputs:
+  - console:
+      enabled: yes
+      # type: json
+  - file:
+      enabled: yes
+      filename: @e_logdir@suricata.log
+      # type: json
+  - syslog:
+      enabled: no
+      facility: local5
+      format: "[%i] <%d> -- "
+      # type: json
+
+
 
 # Number of packets preallocated per thread. The default is 1024. A higher number 
 # will make sure each CPU will be more easily kept busy, but may negatively 
@@ -1061,46 +1105,6 @@ host:
 #  prealloc: 1000
 #  memcap: 16777216
 
-# Logging configuration.  This is not about logging IDS alerts, but
-# IDS output about what its doing, errors, etc.
-logging:
-
-  # The default log level, can be overridden in an output section.
-  # Note that debug level logging will only be emitted if Suricata was
-  # compiled with the --enable-debug configure option.
-  #
-  # This value is overriden by the SC_LOG_LEVEL env var.
-  default-log-level: notice
-
-  # The default output format.  Optional parameter, should default to
-  # something reasonable if not provided.  Can be overriden in an
-  # output section.  You can leave this out to get the default.
-  #
-  # This value is overriden by the SC_LOG_FORMAT env var.
-  #default-log-format: "[%i] %t - (%f:%l) <%d> (%n) -- "
-
-  # A regex to filter output.  Can be overridden in an output section.
-  # Defaults to empty (no filter).
-  #
-  # This value is overriden by the SC_LOG_OP_FILTER env var.
-  default-output-filter:
-
-  # Define your logging outputs.  If none are defined, or they are all
-  # disabled you will get the default - console output.
-  outputs:
-  - console:
-      enabled: yes
-      # type: json
-  - file:
-      enabled: no
-      filename: @e_logdir@suricata.log
-      # type: json
-  - syslog:
-      enabled: no
-      facility: local5
-      format: "[%i] <%d> -- "
-      # type: json
-
 # Tilera mpipe configuration. for use on Tilera TILE-Gx.
 mpipe: