10. ConfigurationΒΆ
- 10.1. Suricata.yaml
- 10.1.1. Max-pending-packets
- 10.1.2. Runmodes
- 10.1.3. Default-packet-size
- 10.1.4. User and group
- 10.1.5. PID File
- 10.1.6. Action-order
- 10.1.7. Packet alert queue settings
- 10.1.8. Splitting configuration in multiple files
- 10.1.9. Event output
- 10.1.9.1. Default logging directory
- 10.1.9.2. Stats
- 10.1.9.3. Outputs
- 10.1.9.4. Line based alerts log (fast.log)
- 10.1.9.5. Eve (Extensible Event Format)
- 10.1.9.6. A line based log of HTTP requests (http.log)
- 10.1.9.7. Packet log (pcap-log)
- 10.1.9.8. Verbose Alerts Log (alert-debug.log)
- 10.1.9.9. Alert output to prelude (alert-prelude)
- 10.1.9.10. Stats
- 10.1.9.11. Syslog
- 10.1.9.12. File-store (File Extraction)
- 10.1.10. Detection engine
- 10.1.11. Threading
- 10.1.12. IP Defrag
- 10.1.13. Flow and Stream handling
- 10.1.14. Application Layer Parsers
- 10.1.15. Engine Logging
- 10.1.16. Packet Acquisition
- 10.1.17. Rules
- 10.1.18. Engine analysis and profiling
- 10.1.19. Decoder
- 10.1.20. Advanced Options
- 10.2. Global-Thresholds
- 10.3. Exception Policies
- 10.4. Snort.conf to Suricata.yaml
- 10.5. Multi Tenancy
- 10.6. Dropping Privileges After Startup