From cc492c50c87f9ec1df29d4b5dfb5620480c53fa9 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Sat, 4 May 2019 07:55:50 -0700
Subject: [PATCH] eve/logging: disable anomaly logging by default

Disable anomaly logging by default. Networks with excessive issues may experience packet processing degradation.
---
 suricata.yaml.in | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 091cbd96c1..23bd180fac 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -154,7 +154,13 @@ outputs:
 # Enable the logging of tagged packets for rules using the
 # "tag" keyword.
 tagged-packets: yes
- anomaly:
+ #- anomaly:
+ # Anomaly log records describe unexpected conditions such as truncated packets, packets with invalid
+ # IP/UDP/TCP length values, and other events that render the packet invalid for further processing
+ # or describe unexpected behavior on an established stream. Networks which experience high
+ # occurrences of anomalies may experience packet processing degradation.
+
+ # Enable dumping of packet header
 # packethdr: no # enable dumping of packet header
 - http:
 extended: yes # enable this for extended logging information
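Review bot: The commented-out `#- anomaly:` block explains the performance cost but never says that anomaly logging is now off by default or how to turn it back on. An operator reading the shipped file cannot tell that truncated-packet, invalid-length and unexpected-stream events are no longer written to the EVE log, and those records are often useful when investigating malformed or evasive traffic. I would add a line such as `# Disabled by default; uncomment "- anomaly:" to log these events.` directly above the description. The added `# Enable dumping of packet header` line also repeats the inline comment already on the `# packethdr: no` line that follows, so one of the two can be dropped.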