config/anomaly: use enabled key word; cleanups

The anomaly section was commented out, but the types sub object
was not, which then attached the types keyword to the previous
object.

Instead keep "anomaly" enabled in the yaml (not commented out)
and use the "enabled: no" to have it disabled by default.

Additonally reformat the comments to be better viewed in 80
columns.

suricata.yaml.in

@@ -155,25 +155,36 @@ outputs:
             # Enable the logging of tagged packets for rules using the
             # "tag" keyword.
             tagged-packets: yes
-        #- anomaly:
+        - anomaly:
-            # Anomaly log records describe unexpected conditions such as truncated packets, packets with invalid
+            # Anomaly log records describe unexpected conditions such
-            # IP/UDP/TCP length values, and other events that render the packet invalid for further processing 
+            # as truncated packets, packets with invalid IP/UDP/TCP
-            # or describe unexpected behavior on an established stream. Networks which experience high
+            # length values, and other events that render the packet
-            # occurrences of anomalies may experience packet processing degradation.
+            # invalid for further processing or describe unexpected
+            # behavior on an established stream. Networks which
+            # experience high occurrences of anomalies may experience
+            # packet processing degradation.
             #
             # Anomalies are reported for the following:
-            # 1. Decode: Values and conditions that are detected while decoding individual packets. This includes
+            # 1. Decode: Values and conditions that are detected while
-            # invalid or unexpected values for low-level protocol lengths as well as stream related events (TCP 3-way
+            # decoding individual packets. This includes invalid or
-            # handshake issues, unexpected sequence number, etc).
+            # unexpected values for low-level protocol lengths as well
-            # 2. Stream: This includes stream related events (TCP 3-way handshake issues, unexpected sequence number, etc).
+            # as stream related events (TCP 3-way handshake issues,
-            # 3. Application layer: These denote application layer specific conditions that are unexpected, invalid or
+            # unexpected sequence number, etc).
-            # are unexpected given the application monitoring state.
+            # 2. Stream: This includes stream related events (TCP
-            #
+            # 3-way handshake issues, unexpected sequence number,
-            # By default, anomaly logging is disabled. When anomaly logging is enabled, applayer anomaly
+            # etc).
-            # reporting is enabled.
+            # 3. Application layer: These denote application layer
-            #
+            # specific conditions that are unexpected, invalid or are
-            # Choose one or both types of anomaly logging and whether to enable
+            # unexpected given the application monitoring state.
-            # logging of the packet header for packet anomalies.
+            #
+            # By default, anomaly logging is disabled. When anomaly
+            # logging is enabled, applayer anomaly reporting is
+            # enabled.
+            enabled: no
+            #
+            # Choose one or both types of anomaly logging and whether
+            # to enable logging of the packet header for packet
+            # anomalies.
             types:
               # decode: no
               # stream: no