From 16221c0b33f1b83277ccc9c7e1ddacc2f6d497a6 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Sat, 12 Oct 2019 09:59:46 -0600
Subject: [PATCH] suricata.yaml/dns: small cleanups, not that default is v2

Note that the eve dns log format is version 2 by default. Make the value of commented out values their default. Update the comment on the types to better reflect what it does.
---
 suricata.yaml.in | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/suricata.yaml.in b/suricata.yaml.in
index decefaed80..d78ac70d3e 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -200,16 +200,14 @@ outputs:
 - dns:
 # This configuration uses the new DNS logging format,
 # the old configuration is still available:
- # http://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html#eve-extensible-event-format
- # Use version 2 logging with the new format:
- # DNS answers will be logged in one single event
- # rather than an event for each of it.
- # Without setting a version the version
- # will fallback to 1 for backwards compatibility.
- version: 2
+ # https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format
+
+ # As of Suricata 5.0, version 2 of the eve dns output
+ # format is the default.
+ #version: 2
 # Enable/disable this logger. Default: enabled.
- #enabled: no
+ #enabled: yes
 # Control logging of requests and responses:
 # - requests: enable logging of DNS queries
@@ -224,8 +222,8 @@ outputs:
 # Default: all
 #formats: [detailed, grouped]
- # Answer types to log.
- # Default: all
+ # Types to log, based on the query type.
+ # Default: all.
 #types: [a, aaaa, cname, mx, ns, ptr, txt]
 - tls:
 extended: yes # enable this for extended logging information
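Review bot: Commenting out `version: 2` in the dns logger block makes the emitted EVE DNS schema depend on the binary's built-in default instead of this file, and the removed comment stated that an unset version falls back to 1. The code that makes 2 the default is not part of this patch, so it is worth confirming that it lands in the same release; otherwise a log pipeline or detection rule written against the v2 fields would start receiving v1 records with no visible config change. I would either keep `version: 2` explicit in the shipped template or extend the new comment with `# Releases before 5.0 fall back to version 1 when this is unset.` The dns block continues beyond this hunk.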
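Review bot: The `#types: [a, aaaa, cname, mx, ns, ptr, txt]` context line near the end of the second hunk still shows an example subset rather than the documented default of all, which does not match the commit's stated aim of making commented-out values equal their defaults. Assuming "all" covers more record types than the seven listed, an operator who simply uncomments the line narrows DNS logging and loses visibility of every other query type. I would add a line such as `# Example only; uncommenting limits logging to the listed types.` directly above it. It would also help if the reworded comment said whether the filter applies to answer records as well as queries, since "based on the query type" leaves that open.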