From 62aaae24fd8dd3edd2e2caa4444e0b40c529dff8 Mon Sep 17 00:00:00 2001
From: Giuseppe Longo
Date: Sat, 14 Dec 2013 10:40:57 +0100
Subject: [PATCH] Adds a configuration example for nflog support in suricata.yaml

---
 suricata.yaml.in | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 7cf9108e54..780b939816 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -290,6 +290,23 @@ nfq:
 # batchcount: 20
 # fail-open: yes
 
+#nflog support
+nflog:
+ # netlink multicast group
+ # (the same as the iptables --nflog-group param)
+ # Group 0 is used by the kernel, so you can't use it
+ - group: 2
+ # netlink buffer size
+ buffer-size: 18432
+ # put default value here
+ - group: default
+ # set number of packet to queue inside kernel
+ qthreshold: 1
+ # set the delay before flushing packet in the queue inside kernel
+ qtimeout: 100
+ # netlink max buffer size
+ max-size: 20000
+
 # af-packet support
 # Set threads to > 1 to use PACKET_FANOUT support
 af-packet:
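Review bot: The comments on `buffer-size`, `max-size` and `qtimeout` in the new `nflog` section give no units, and nothing says what happens when the netlink buffer fills, which matters on a sensor because packets the kernel cannot queue never reach the detection engine. If `qtimeout` is handed straight to libnetfilter_log it would be in hundredths of a second, so `100` would mean one second; that should be confirmed against the capture code (not part of this patch) and then stated, e.g. `# delay before the kernel flushes queued packets, in 1/100 s`. `# put default value here` would read better as `# settings applied to groups that do not override them`, if that is what the `default` entry does. The header `#nflog support` also lacks the space used by `# af-packet support` just below it.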