diff --git a/suricata.yaml.in b/suricata.yaml.in
index 31cfcc7309..1078580db4 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -155,25 +155,36 @@ outputs:
             # Enable the logging of tagged packets for rules using the
             # "tag" keyword.
             tagged-packets: yes
-        #- anomaly:
-            # Anomaly log records describe unexpected conditions such as truncated packets, packets with invalid
-            # IP/UDP/TCP length values, and other events that render the packet invalid for further processing 
-            # or describe unexpected behavior on an established stream. Networks which experience high
-            # occurrences of anomalies may experience packet processing degradation.
+        - anomaly:
+            # Anomaly log records describe unexpected conditions such
+            # as truncated packets, packets with invalid IP/UDP/TCP
+            # length values, and other events that render the packet
+            # invalid for further processing or describe unexpected
+            # behavior on an established stream. Networks which
+            # experience high occurrences of anomalies may experience
+            # packet processing degradation.
             #
             # Anomalies are reported for the following:
-            # 1. Decode: Values and conditions that are detected while decoding individual packets. This includes
-            # invalid or unexpected values for low-level protocol lengths as well as stream related events (TCP 3-way
-            # handshake issues, unexpected sequence number, etc).
-            # 2. Stream: This includes stream related events (TCP 3-way handshake issues, unexpected sequence number, etc).
-            # 3. Application layer: These denote application layer specific conditions that are unexpected, invalid or
-            # are unexpected given the application monitoring state.
+            # 1. Decode: Values and conditions that are detected while
+            # decoding individual packets. This includes invalid or
+            # unexpected values for low-level protocol lengths as well
+            # as stream related events (TCP 3-way handshake issues,
+            # unexpected sequence number, etc).
+            # 2. Stream: This includes stream related events (TCP
+            # 3-way handshake issues, unexpected sequence number,
+            # etc).
+            # 3. Application layer: These denote application layer
+            # specific conditions that are unexpected, invalid or are
+            # unexpected given the application monitoring state.
             #
-            # By default, anomaly logging is disabled. When anomaly logging is enabled, applayer anomaly
-            # reporting is enabled.
+            # By default, anomaly logging is disabled. When anomaly
+            # logging is enabled, applayer anomaly reporting is
+            # enabled.
+            enabled: no
             #
-            # Choose one or both types of anomaly logging and whether to enable
-            # logging of the packet header for packet anomalies.
+            # Choose one or both types of anomaly logging and whether
+            # to enable logging of the packet header for packet
+            # anomalies.
             types:
               # decode: no
               # stream: no