From: Jeff Lucovsky Date: Sat, 4 May 2019 14:55:50 +0000 (-0700) Subject: eve/logging: disable anomaly logging by default X-Git-Tag: suricata-5.0.0-rc1~509 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3836%2Fhead;p=thirdparty%2Fsuricata.git eve/logging: disable anomaly logging by default Disable anomaly logging by default. Networks with excessive issues may experience packet processing degradation.
---
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 091cbd96c1..23bd180fac 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -154,7 +154,13 @@ outputs:
 # Enable the logging of tagged packets for rules using the
 # "tag" keyword.
 tagged-packets: yes
- - anomaly:
+ #- anomaly:
+ # Anomaly log records describe unexpected conditions such as truncated packets, packets with invalid
+ # IP/UDP/TCP length values, and other events that render the packet invalid for further processing
+ # or describe unexpected behavior on an established stream. Networks which experience high
+ # occurrences of anomalies may experience packet processing degradation.
+
+ # Enable dumping of packet header
 # packethdr: no # enable dumping of packet header
 - http:
 extended: yes # enable this for extended logging information
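Review bot: The new comment block under `#- anomaly:` explains what anomaly records are and why they can be costly, but it never says the output is now disabled by default or how to turn it back on. Truncated packets, invalid IP/UDP/TCP lengths and unexpected stream behaviour are a useful signal of malformed or evasive traffic, so an operator should be able to see from the file that this visibility is off. I would add a first line such as `# Disabled by default; uncomment "- anomaly:" to log decoder and stream anomalies.` The added `# Enable dumping of packet header` repeats the trailing comment already on the `packethdr` line and can be dropped. The `outputs:` list continues outside the hunk and indentation is not recoverable from this view, so placement should be checked against the file.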