Suricata settings.
Declarations
Type
YAML value
Example
# Example value for the Suricata settings option; per the "YAML value" type
# above, these attributes are turned into Suricata's YAML configuration.
# NOTE(review): the snippet appears without an enclosing `{ ... }` on this
# page; it reads as the body of the settings attribute set.

# Address group that rules reference as $HOME_NET. Direction-sensitive rules
# depend on it, so it has to match the networks actually being monitored;
# a stale or too-narrow value leaves rules not matching and no error is shown.
vars.address-groups.HOME_NET = "192.168.178.0/24";
# Log outputs. Two writers are enabled: the line-based fast log and EVE JSON.
outputs = [
{
# fast.log: one text line per alert.
fast = {
enabled = true;
filename = "fast.log";
# Keep appending to the existing file instead of starting a fresh one.
append = "yes";
};
}
{
# EVE JSON log, the output normally shipped to a SIEM or log pipeline.
eve-log = {
enabled = true;
filetype = "regular";
filename = "eve.json";
# Adds a Community ID flow hash to events so they can be correlated with
# records from other network sensors that compute the same hash.
community-id = true;
# Only the alert event type is listed here, so as written eve.json carries
# alerts and no other event types. Add further types if protocol or flow
# records are needed for investigations.
types = [
{
# Also log packets tagged by rules that use the `tag` keyword.
alert.tagged-packets = "yes";
}
];
};
}
];
# AF_PACKET capture. These sections only configure capture methods; which
# one is used is presumably decided by how Suricata is started -- verify
# against the service definition.
af-packet = [
{
interface = "eth0";
# Interfaces/threads sharing a cluster-id form one load-balancing group.
# NOTE(review): the id is a quoted string here; confirm the generated YAML
# is accepted where Suricata expects a number.
cluster-id = "99";
# Balance by flow so every packet of a flow reaches the same worker thread.
cluster-type = "cluster_flow";
# Have the kernel reassemble IP fragments before load balancing, so the
# fragments of one datagram are not split across threads.
defrag = "yes";
}
{
# "default" holds fallback values for interfaces not listed explicitly.
interface = "default";
}
];
# AF_XDP capture on eth1.
af-xdp = [
{
interface = "eth1";
}
];
# DPDK capture on eth2.
dpdk.interfaces = [
{
interface = "eth2";
}
];
# libpcap capture on eth3.
pcap = [
{
interface = "eth3";
}
];
# Application-layer parsers switched on explicitly. DNP3 and Modbus are
# industrial-control protocols; to my knowledge they are off in the stock
# suricata.yaml, so they are enabled here. Rules for a protocol need its
# parser enabled; enable only the parsers the monitored network uses, since
# each one is additional code parsing untrusted traffic.
# NOTE(review): this example mixes "yes" strings with the `true` booleans
# used above; confirm both forms come out as values Suricata accepts.
app-layer.protocols = {
telnet.enabled = "yes";
dnp3.enabled = "yes";
modbus.enabled = "yes";
};