eve/logging: disable anomaly logging by default 3836/head
authorJeff Lucovsky <jeff@lucovsky.org>
Sat, 4 May 2019 14:55:50 +0000 (07:55 -0700)
committerVictor Julien <victor@inliniac.net>
Tue, 7 May 2019 10:26:34 +0000 (12:26 +0200)
Disable anomaly logging by default. Networks that produce a large number
of anomalies may experience packet processing degradation.

suricata.yaml.in

index 091cbd96c1e69937908fc0a82d3e40cd3b6d5e2e..23bd180fac1092501c7ef4473b6d1be8375d8279 100644 (file)
@@ -154,7 +154,13 @@ outputs:
             # Enable the logging of tagged packets for rules using the
             # "tag" keyword.
             tagged-packets: yes
-        - anomaly:
+        #- anomaly:
+            # Anomaly log records describe unexpected conditions such as truncated packets, packets with invalid
+            # IP/UDP/TCP length values, and other events that render the packet invalid for further processing 
+            # or describe unexpected behavior on an established stream. Networks which experience high
+            # occurrences of anomalies may experience packet processing degradation.
+
+            # Enable dumping of packet header
             # packethdr: no            # enable dumping of packet header
         - http:
             extended: yes     # enable this for extended logging information
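Review bot: The comment block added under `#- anomaly:` describes what anomaly records are but does not say that the output now ships disabled or how to turn it back on, so an operator who relies on these events (truncated packets, invalid IP/UDP/TCP lengths, unexpected stream behaviour) for detection has no hint in the file that they are no longer being logged. I would add a first line such as `# Disabled by default; uncomment "- anomaly:" above to enable.` The new `# Enable dumping of packet header` line repeats the inline comment already on the `packethdr` line and can be dropped, the line ending in `further processing ` carries trailing whitespace, and the new comment lines are much longer than the surrounding ones and could be re-wrapped. The `outputs:` list continues outside the hunk.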