suricata.yaml/dns: small cleanups, not that default is v2

Note that the eve dns log format is version 2 by default. Make the value of commented out values their default. Update the comment on the types to better reflect what it does.
7 years ago · 16221c0b33
parent 42452b327c
commit 16221c0b33
1 changed files with 8 additions and 10 deletions
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -200,16 +200,14 @@ outputs:
        - dns:
            # This configuration uses the new DNS logging format,
            # the old configuration is still available:
-            # http://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html#eve-extensible-event-format
-            # Use version 2 logging with the new format:
-            # DNS answers will be logged in one single event
-            # rather than an event for each of it.
-            # Without setting a version the version
-            # will fallback to 1 for backwards compatibility.
-            version: 2
+            # https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format
+
+            # As of Suricata 5.0, version 2 of the eve dns output
+            # format is the default.
+            #version: 2

            # Enable/disable this logger. Default: enabled.
-            #enabled: no
+            #enabled: yes

            # Control logging of requests and responses:
            # - requests: enable logging of DNS queries
@ -224,8 +222,8 @@ outputs:
            # Default: all
            #formats: [detailed, grouped]

-            # Answer types to log.
-            # Default: all
+            # Types to log, based on the query type.
+            # Default: all.
            #types: [a, aaaa, cname, mx, ns, ptr, txt]
        - tls:
            extended: yes     # enable this for extended logging information