aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

config: switch default config to IEEE 1541 notation

Browse Source
pull/11488/head
Victor Julien 1 year ago committed by Victor Julien
parent 342aec8f1c
commit 223a4194ea
1 changed files with 44 additions and 44 deletions
Show Stats Download Patch File Download Diff File

88
suricata.yaml.in
Unescape Escape View File

@ -162,7 +162,7 @@ outputs:
types:
- alert:
# payload: yes # enable dumping payload in Base64
# payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
# payload-buffer-size: 4 KiB # max size of payload buffer to output in eve-log
# payload-printable: yes # enable dumping payload in printable (lossy) format
# payload-length: yes # enable dumping payload length, including the gaps
# packet: yes # enable dumping of packet (without stream segments)
@ -183,7 +183,7 @@ outputs:
- frame:
# disabled by default as this is very verbose.
enabled: no
# payload-buffer-size: 4kb # max size of frame payload buffer to output in eve-log
# payload-buffer-size: 4 KiB # max size of frame payload buffer to output in eve-log
- anomaly:
# Anomaly log records describe unexpected conditions such
# as truncated packets, packets with invalid IP/UDP/TCP
@ -311,9 +311,9 @@ outputs:
- ssh
- mqtt:
# passwords: yes # enable output of passwords
# string-log-limit: 1kb # limit size of logged strings in bytes.
# Can be specified in kb, mb, gb. Just a number
# is parsed as bytes. Default is 1KB.
# string-log-limit: 1KiB # limit size of logged strings in bytes.
# Can be specified in KiB, MiB, GiB. Just a number
# is parsed as bytes. Default is 1 KiB.
# Use a value of 0 to disable limiting.
# Note that the size is also bounded by
# the maximum parsed message size (see
@ -394,7 +394,7 @@ outputs:
# per thread directory.
#
# Also note that the limit and max-files settings are enforced per thread.
# So the size limit when using 8 threads with 1000mb files and 2000 files
# So the size limit when using 8 threads with 1000 MiB files and 2000 files
# is: 8*1000*2000 ~ 16TiB.
#
# By default all packets are logged except:
@ -407,7 +407,7 @@ outputs:
# File size limit. Can be specified in kb, mb, gb. Just a number
# is parsed as bytes.
limit: 1000mb
limit: 1000 MiB
# If set to a value, ring buffer mode is enabled. Will keep maximum of
# "max-files" of size "limit"
@ -887,7 +887,7 @@ app-layer:
dp: 5900, 5901, 5902, 5903, 5904, 5905, 5906, 5907, 5908, 5909
mqtt:
enabled: yes
# max-msg-length: 1mb
# max-msg-length: 1 MiB
# subscribe-topic-match-limit: 100
# unsubscribe-topic-match-limit: 100
# Maximum number of live MQTT transactions per flow
@ -936,11 +936,11 @@ app-layer:
# max-tx: 1024
ftp:
enabled: yes
# memcap: 64mb
# memcap: 64 MiB
websocket:
#enabled: yes
# Maximum used payload size, the rest is skipped
# max-payload-size: 65535
# max-payload-size: 64 KiB
rdp:
#enabled: yes
ssh:
@ -1024,11 +1024,11 @@ app-layer:
# Byte Range Containers default settings
# byterange:
# memcap: 100mb
# memcap: 100 MiB
# timeout: 60
# memcap: Maximum memory capacity for HTTP
# Default is unlimited, values can be 64mb, e.g.
# Default is unlimited, values can be 64 MiB, e.g.
# default-config: Used when no server-config matches
# personality: List of personalities used by default
@ -1053,16 +1053,16 @@ app-layer:
default-config:
personality: IDS
# Can be specified in kb, mb, gb. Just a number indicates
# Can be specified in KiB, MiB, GiB. Just a number indicates
# it's in bytes.
request-body-limit: 100kb
response-body-limit: 100kb
request-body-limit: 100 KiB
response-body-limit: 100 KiB
# inspection limits
request-body-minimal-inspect-size: 32kb
request-body-inspect-window: 4kb
response-body-minimal-inspect-size: 40kb
response-body-inspect-window: 16kb
request-body-minimal-inspect-size: 32 KiB
request-body-inspect-window: 4 KiB
response-body-minimal-inspect-size: 40 KiB
response-body-inspect-window: 16 KiB
# response body decompression (0 disables)
response-body-decompress-layer-limit: 2
@ -1081,8 +1081,8 @@ app-layer:
swf-decompression:
enabled: no
type: both
compress-depth: 100kb
decompress-depth: 100kb
compress-depth: 100 KiB
decompress-depth: 100 KiB
# Use a random value for inspection sizes around the specified value.
# This lowers the risk of some evasion techniques but could lead
@ -1102,10 +1102,10 @@ app-layer:
#lzma-enabled: false
# Memory limit usage for LZMA decompression dictionary
# Data is decompressed until dictionary reaches this size
#lzma-memlimit: 1mb
#lzma-memlimit: 1 MiB
# Maximum decompressed size with a compression ratio
# above 2048 (only LZMA can reach this ratio, deflate cannot)
#compression-bomb-limit: 1mb
#compression-bomb-limit: 1 MiB
# Maximum time spent decompressing a single transaction in usec
#decompression-time-limit: 100000
# Maximum number of live transactions per flow
@ -1116,7 +1116,7 @@ app-layer:
#- apache:
# address: [192.168.1.0/24, 127.0.0.0/8, "::1"]
# personality: Apache_2
# # Can be specified in kb, mb, gb. Just a number indicates
# # Can be specified in KiB, MiB, GiB. Just a number indicates
# # it's in bytes.
# request-body-limit: 4096
# response-body-limit: 4096
@ -1128,7 +1128,7 @@ app-layer:
# - 192.168.0.0/24
# - 192.168.10.0/24
# personality: IIS_7_0
# # Can be specified in kb, mb, gb. Just a number indicates
# # Can be specified in KiB, MiB, GiB. Just a number indicates
# # it's in bytes.
# request-body-limit: 4096
# response-body-limit: 4096
@ -1190,7 +1190,7 @@ datasets:
# Default fallback memcap and hashsize values for datasets in case these
# were not explicitly defined.
defaults:
#memcap: 100mb
#memcap: 100 MiB
#hashsize: 2048
rules:
@ -1403,7 +1403,7 @@ host-os-policy:
# The exception policy memcap-policy value can be "drop-packet", "pass-packet",
# "reject" or "ignore" (which is the default).
defrag:
memcap: 32mb
memcap: 32 MiB
# memcap-policy: ignore
hash-size: 65536
trackers: 65535 # number of defragmented flows to follow
@ -1426,7 +1426,7 @@ defrag:
# - 172.16.14.0/24
# Flow settings:
# By default, the reserved memory (memcap) for flows is 32MB. This is the limit
# By default, the reserved memory (memcap) for flows is 32 MiB. This is the limit
# for flow allocation inside the engine. You can change this value to allow
# more memory usage for flows.
# The hash-size determines the size of the hash used to identify flows inside
@ -1442,13 +1442,13 @@ defrag:
# the emergency bit and it will try again with more aggressive timeouts.
# If that doesn't work, then it will try to kill the oldest flows using
# last time seen flows.
# The memcap can be specified in kb, mb, gb. Just a number indicates it's
# The memcap can be specified in KiB, MiB, GiB. Just a number indicates it's
# in bytes.
# The exception policy memcap-policy can be "drop-packet", "pass-packet",
# "reject" or "ignore" (which is the default).
flow:
memcap: 128mb
memcap: 128 MiB
#memcap-policy: ignore
hash-size: 65536
prealloc: 10000
@ -1526,7 +1526,7 @@ flow-timeouts:
# engine is configured.
#
# stream:
# memcap: 64mb # Can be specified in kb, mb, gb. Just a
# memcap: 64 MiB # Can be specified in KiB, MiB, GiB. Just a
# # number indicates it's in bytes.
# memcap-policy: ignore # The exception policy value can be "drop-flow",
# # "pass-flow", "bypass", "drop-packet",
@ -1557,19 +1557,19 @@ flow-timeouts:
# # means it's slightly more permissive. Enabled by default.
#
# reassembly:
# memcap: 256mb # Can be specified in kb, mb, gb. Just a number
# memcap: 256 MiB # Can be specified in KiB, MiB, GiB. Just a number
# # indicates it's in bytes.
# memcap-policy: ignore # The exception policy value can be "drop-flow",
# # "pass-flow", "bypass", "drop-packet", "pass-packet",
# # "reject" or "ignore" default is "ignore"
# depth: 1mb # Can be specified in kb, mb, gb. Just a number
# depth: 1 MiB # Can be specified in KiB, MiB, GiB. Just a number
# # indicates it's in bytes.
# toserver-chunk-size: 2560 # inspect raw stream in chunks of at least
# # this size. Can be specified in kb, mb,
# # gb. Just a number indicates it's in bytes.
# # this size. Can be specified in KiB, MiB, GiB.
# # Just a number indicates it's in bytes.
# toclient-chunk-size: 2560 # inspect raw stream in chunks of at least
# # this size. Can be specified in kb, mb,
# # gb. Just a number indicates it's in bytes.
# # this size. Can be specified in KiB, MiB, GiB.
# # Just a number indicates it's in bytes.
# randomize-chunk-size: yes # Take a random value for chunk size around the specified value.
# # This lowers the risk of some evasion techniques but could lead
# # to detection change between runs. It is set to 'yes' by default.
@ -1594,16 +1594,16 @@ flow-timeouts:
# # is used in a rule.
#
stream:
memcap: 64mb
memcap: 64 MiB
#memcap-policy: ignore
checksum-validation: yes # reject incorrect csums
#midstream: false
#midstream-policy: ignore
inline: auto # auto will use inline mode in IPS mode, yes or no set it statically
reassembly:
memcap: 256mb
memcap: 256 MiB
#memcap-policy: ignore
depth: 1mb # reassemble 1mb into a stream
depth: 1 MiB # reassemble 1 MiB into a stream
toserver-chunk-size: 2560
toclient-chunk-size: 2560
randomize-chunk-size: yes
@ -1619,7 +1619,7 @@ stream:
host:
hash-size: 4096
prealloc: 1000
memcap: 32mb
memcap: 32 MiB
# IP Pair table:
#
@ -1628,7 +1628,7 @@ host:
#ippair:
# hash-size: 4096
# prealloc: 1000
# memcap: 32mb
# memcap: 32 MiB
# Decoder settings
@ -1707,7 +1707,7 @@ detect:
# Thresholding hash table settings.
thresholds:
hash-size: 16384
memcap: 16mb
memcap: 16 MiB
profiling:
# Log the rules that made it past the prefilter stage, per packet
@ -1801,7 +1801,7 @@ threading:
# set to this value, a fatal error occurs.
#
# Generally, the per-thread stack-size should not exceed 8MB.
#stack-size: 8mb
#stack-size: 8 MiB
# Profiling settings. Only effective if Suricata has been built with
# the --enable-profiling configure flag.

Write Preview
Loading…
Cancel
Save